Attacker Value: High (2 users assessed)
Exploitability: Moderate (2 users assessed)
User Interaction: None
Privileges Required: None
Attack Vector: Network

CVE-2020-10535

Disclosure Date: March 12, 2020

Description

GitLab 12.8.x before 12.8.6, when sign-up is enabled, allows remote attackers to bypass email domain restrictions within the two-day grace period for an unconfirmed email address.

Ratings
  • Attacker Value
    High
  • Exploitability
    Very Low
Technical Analysis

Not enough details to fully assess ATM but GitLab is signaling this is a high value vulnerability through: 1) Out of band critical release 2) Withholding details for 30 days (not sure they’ve ever done so).
