{"id":"CVE-2020-10535","details":"GitLab 12.8.x before 12.8.6, when sign-up is enabled, allows remote attackers to bypass email domain restrictions within the two-day grace period for an unconfirmed email address.","aliases":["BIT-gitlab-2020-10535"],"modified":"2026-06-03T09:48:44.720223Z","published":"2020-03-12T23:15:12.313Z","references":[{"type":"ADVISORY","url":"https://about.gitlab.com/releases/2020/03/11/critical-security-release-gitlab-12-dot-8-dot-6-released/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.com/gitlab-org/gitlab","events":[{"introduced":"0bd32f788647bb832f3d9eb5746cbda5300e0fa2"},{"fixed":"5b0bcf2717b6d47ab87a96d3e7a889ef2225efd1"}],"database_specific":{"extracted_events":[{"introduced":"12.8.0"},{"fixed":"12.8.6"}],"source":"CPE_RANGE","cpe":["cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*"]}}],"versions":["v12.8.5-ee","v12.8.3-ee","v12.8.4-ee","v12.8.1-ee","v12.8.0-ee"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-10535.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}