CVE-2020-13307

Medium

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not revoking current user sessions when 2…

GitLab·CWE-613·Published 2020-09-15

CVSS

4.7

EPSS

0.01

KEV

Exploits

cve.orgen

225 chars

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not revoking current user sessions when 2 factor authentication was activated allowing a malicious user to maintain their access.

NVDen

225 chars

NVDes

255 chars

Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1.10, 13.2.8 y 13.3.4. GitLab no revocaba las sesiones de los usuarios actuales cuando se activaba la autenticación de 2 factores, permitiendo a un usuario malicioso mantener su acceso

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.0	6.8	6.4	AV:N/AC:M/Au:S/C:P/I:P/A:P
3.1	Primary	NVD	4.7	1.2	3.4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L