VYPR
Unrated severityNVD Advisory· Published Oct 7, 2020· Updated Aug 4, 2024

CVE-2020-13346

CVE-2020-13346

Description

Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • GitLab Inc./GitLabllm-fuzzy2 versions
    >=13.2.0, <13.2.10; >=13.3.0, <13.3.7; >=13.4.0, <13.4.2+ 1 more
    • (no CPE)range: >=13.2.0, <13.2.10; >=13.3.0, <13.3.7; >=13.4.0, <13.4.2
    • (no CPE)range: >=11.2, <13.2.10
  • osv-coords
    Range: >= 11.2.0, < 13.2.10

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.