- Description
- Improper validation of invited users' email addresses in GitLab EE, affecting all versions since 12.2, allowed projects to add members whose email address domain should be blocked by group settings.
- Source
- cve@gitlab.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:N/I:P/A:N
- nvd@nist.gov
- CWE-863
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D5D42B1-6E9E-43AF-9D34-08976153DB2C",
            "versionEndExcluding": "13.12.9",
            "versionStartIncluding": "12.2.0"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80FE53A3-015A-41EF-B238-DEE9AB2FEF8C",
            "versionEndExcluding": "14.0.7",
            "versionStartIncluding": "14.0.0"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02027E6A-E1D7-4109-BC9A-2B6BC335BA20",
            "versionEndExcluding": "14.1.2",
            "versionStartIncluding": "14.1.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]