CVE-2020-13304

High

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Same 2 factor Authentication secret code was generated…

GitLab·CWE-330·Published 2020-09-14

CVSS

7.2

EPSS

0.02

KEV

Exploits

cve.orgen

211 chars

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Same 2 factor Authentication secret code was generated which resulted an attacker to maintain access under certain conditions.

NVDen

211 chars

NVDes

249 chars

Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1.10, 13.2.8 y 13.3.4. El mismo código secreto de autenticación de 2 factores era generado, lo que resultaba en que un atacante mantuviera el acceso bajo determinadas condiciones

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.5	8.0	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
3.1	Primary	NVD	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H