CVE-2020-13358
First published: Tue Nov 17 2020(Updated: )
A vulnerability in the internal Kubernetes agent api in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Affected versions are: >=13.4, <13.4.5,>=13.3, <13.3.9,>=13.5, <13.5.2.
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | >=13.3.0<13.3.9 | |
| GitLab | >=13.3.0<=13.3.9 | |
| GitLab | >=13.4.0<13.4.5 | |
| GitLab | >=13.4.0<13.4.5 | |
| GitLab | >=13.5.0<13.5.2 | |
| GitLab | >=13.5.0<13.5.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-13358?
CVE-2020-13358 is considered a critical vulnerability affecting GitLab versions 13.3 and above.
How do I fix CVE-2020-13358?
To fix CVE-2020-13358, you should upgrade GitLab to version 13.4.5 or later, or version 13.3.9 or later.
Which versions are affected by CVE-2020-13358?
CVE-2020-13358 affects GitLab versions greater than or equal to 13.3 but less than 13.3.9, and versions between 13.4 and 13.4.5, as well as between 13.5 and 13.5.2.
What type of access does CVE-2020-13358 allow?
CVE-2020-13358 allows unauthorized access to private projects in GitLab installations.
Is CVE-2020-13358 present in earlier versions of GitLab?
No, CVE-2020-13358 affects GitLab versions 13.3 and above, so earlier versions are not impacted.
- agent/references
- agent/type
- agent/author
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab
- version/gitlab/13.3.0
- version/gitlab/13.3.9
- version/gitlab/13.4.0
- version/gitlab/13.5.0