Description
A vulnerability in the internal Kubernetes agent API in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Affected versions are: >=13.4, <13.4.5; >=13.3, <13.3.9; >=13.5, <13.5.2.
CVSS breakdown
CVSS 3.1
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: None
- Availability: None
Affected products
- gitlab / GitLab CE/EE – >=13.4
- gitlab / GitLab CE/EE – <13.4.5
- gitlab / GitLab CE/EE – >=13.3
- gitlab / GitLab CE/EE – <13.3.9
- gitlab / GitLab CE/EE – >=13.5
- gitlab / GitLab CE/EE – <13.5.2