← Back to CVE List

CVE-2020-13359

Published: 2020-11-19T00:15Z
Last Modified: 2024-11-21T05:01Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
The Terraform API in GitLab CE/EE 12.10+ exposed the object storage signed URL on the delete operation allowing a malicious project maintainer to overwrite the Terraform state, bypassing audit and other business controls. Affected versions are >=12.10, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt