CVE-2020-10081
First published: Fri Mar 13 2020(Updated: )
GitLab before 12.8.2 has Incorrect Access Control. It was internally discovered that the LFS import process could potentially be used to incorrectly access LFS objects not owned by the user.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | <=12.8.1 | |
| GitLab | <=12.8.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-10081?
CVE-2020-10081 is classified as a medium severity vulnerability due to incorrect access control in the LFS import process.
How do I fix CVE-2020-10081?
To mitigate CVE-2020-10081, upgrade your GitLab installation to version 12.8.2 or later.
What versions of GitLab are affected by CVE-2020-10081?
CVE-2020-10081 affects GitLab versions prior to 12.8.2, specifically up to 12.8.1.
What is the impact of CVE-2020-10081?
The impact of CVE-2020-10081 allows users to potentially access LFS objects that they do not own.
Is there a workaround for CVE-2020-10081?
There are no known workarounds for CVE-2020-10081, and updating to the latest version is recommended.
- agent/references
- agent/type
- agent/severity
- agent/author
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab
- version/gitlab/12.8.1