{"id":"CVE-2020-12277","details":"GitLab 10.8 through 12.9 has a vulnerability that allows someone to mirror a repository even if the feature is not activated.","aliases":["BIT-gitlab-2020-12277"],"modified":"2026-04-09T06:48:48.483191Z","published":"2020-04-29T17:15:12.037Z","references":[{"type":"ADVISORY","url":"https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.com/gitlab-org/gitlab","events":[{"introduced":"342f33beb2ce090cfabfd0a5e7327b78d04588bb"},{"fixed":"8c3dbc944a2af1e1c5ae9145fc9991d38b7abbb3"},{"introduced":"342f33beb2ce090cfabfd0a5e7327b78d04588bb"},{"fixed":"8c3dbc944a2af1e1c5ae9145fc9991d38b7abbb3"},{"introduced":"0bd32f788647bb832f3d9eb5746cbda5300e0fa2"},{"fixed":"6319b8e640d4c552261b8b679fe61b69b6eec4dc"},{"introduced":"0bd32f788647bb832f3d9eb5746cbda5300e0fa2"},{"fixed":"6319b8e640d4c552261b8b679fe61b69b6eec4dc"},{"introduced":"073a4ba8016203c9e48595afd3ddea430d9420a3"},{"fixed":"0ebcf602332fc27fc2bc8a2eb7b14d7a1685c343"},{"introduced":"073a4ba8016203c9e48595afd3ddea430d9420a3"},{"fixed":"0ebcf602332fc27fc2bc8a2eb7b14d7a1685c343"}],"database_specific":{"versions":[{"introduced":"10.8.0"},{"fixed":"12.7.8"},{"introduced":"10.8.0"},{"fixed":"12.7.8"},{"introduced":"12.8.0"},{"fixed":"12.8.8"},{"introduced":"12.8.0"},{"fixed":"12.8.8"},{"introduced":"12.9.0"},{"fixed":"12.9.1"},{"introduced":"12.9.0"},{"fixed":"12.9.1"}]}}],"versions":["v12.8.0-ee","v12.8.1-ee","v12.8.3-ee","v12.8.4-ee","v12.8.5-ee","v12.8.7-ee","v12.9.0-ee"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-12277.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}