Overview
- Description
- Improper validation of invited users' email address in GitLab EE affecting all versions since 12.2 allowed projects to add members with email address domain that should be blocked by group settings
- Source
- cve@gitlab.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-863
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2D5D42B1-6E9E-43AF-9D34-08976153DB2C",
"versionEndExcluding": "13.12.9",
"versionStartIncluding": "12.2.0"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "80FE53A3-015A-41EF-B238-DEE9AB2FEF8C",
"versionEndExcluding": "14.0.7",
"versionStartIncluding": "14.0.0"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "02027E6A-E1D7-4109-BC9A-2B6BC335BA20",
"versionEndExcluding": "14.1.2",
"versionStartIncluding": "14.1.0"
}
],
"operator": "OR"
}
]
}
]