CVE-2020-13357 - log

CVE-2020-13357 edited at 11 Dec 2020 13:49:18
Description
- An issue was discovered in Gitlab CE/EE versions starting from 13.1 to 13.5 which allowed an un-authorised user to access the user list corresponding to a feature flag in a project.
+ An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13.4.7, >= 13.5 to <13.5.5, and >= 13.6 to <13.6.2 allowed an unauthorized user to access the user list corresponding to a feature flag in a project.
References
https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/#un-authorised-access-to-feature-flag-user-list
+ https://gitlab.com/gitlab-org/gitlab/-/issues/241132
+ https://hackerone.com/reports/962408
CVE-2020-13357 edited at 08 Dec 2020 14:20:49
Type
- Directory traversal
+ Access restriction bypass
CVE-2020-13357 edited at 08 Dec 2020 14:17:24
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Directory traversal
Description
+ An issue was discovered in Gitlab CE/EE versions starting from 13.1 to 13.5 which allowed an un-authorised user to access the user list corresponding to a feature flag in a project.
References
+ https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/#un-authorised-access-to-feature-flag-user-list
Notes
CVE-2020-13357 created at 08 Dec 2020 14:15:24