CVE-2020-13265

Severity CVSS v4.0:
Pending analysis
Type:
CWE-345 Insufficient Verification of Data Authenticity
Publication date:
19/06/2020
Last modified:
26/06/2020

Description

User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows user to bypass email verification

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* 12.5.0 (including) 12.9.8 (excluding)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* 12.5.0 (including) 12.9.8 (excluding)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* 12.10.0 (including) 12.10.7 (excluding)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* 12.10.0 (including) 12.10.7 (excluding)
cpe:2.3:a:gitlab:gitlab:13.0.0:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:13.0.0:*:*:*:enterprise:*:*:*