Date: 2020-09-16
GitLab before version 13.3.4 is vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow.
CVE : CVE-2020-13300
Vendor : GitLab
Product : GitLab
BaseScore : 10.0 (NIST) 8.0 (Vendor)
Vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Patches : available
Exploits : unknown
We found various IPs in your ORG/ASN matching criteria for possibly vulnerable systems.
False-Positive-Level: possible
Please note: we took a slightly broader approach while searching for GitLab instances to prevent false negatives, so false positives are possible, because our results also include websites mentioning GitLab in the HTML body, redirects to hosts with "gitlab" as hostname, or TLS certificates with "gitlab" in them.
Please find a list of affected IPs below and more information on that problem here:
References: