CVE-2020-10081
6.5
MEDIUM
CVSS 3.1
EPSS 0.07%
Description
GitLab before 12.8.2 has Incorrect Access Control. It was internally discovered that the LFS import process could potentially be used to incorrectly access LFS objects not owned by the user.
How to fix CVE-2020-10081
To remediate CVE-2020-10081, upgrade the affected package to a fixed version below.
- Bitnami/gitlab—upgrade to 12.8.2 or later
Is CVE-2020-10081 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 12.8.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |