{"id":"CVE-2020-11649","details":"An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. Members of a group could still have access after the group is deleted.","aliases":["BIT-gitlab-2020-11649"],"modified":"2026-04-10T04:21:50.277790Z","published":"2020-04-22T20:15:11.433Z","references":[{"type":"ADVISORY","url":"https://about.gitlab.com/blog/categories/releases/"},{"type":"ADVISORY","url":"https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.com/gitlab-org/gitlab","events":[{"introduced":"c1710afbd437c557741ff4c7fa185c6ffb89bf1b"},{"fixed":"653aeeabba2ac7b5510af3901d1e684436ca901c"},{"introduced":"c1710afbd437c557741ff4c7fa185c6ffb89bf1b"},{"fixed":"653aeeabba2ac7b5510af3901d1e684436ca901c"},{"introduced":"0bd32f788647bb832f3d9eb5746cbda5300e0fa2"},{"fixed":"bdf986aa14379fc3e5981b186320cc23f0ab31a9"},{"introduced":"0bd32f788647bb832f3d9eb5746cbda5300e0fa2"},{"fixed":"bdf986aa14379fc3e5981b186320cc23f0ab31a9"},{"introduced":"073a4ba8016203c9e48595afd3ddea430d9420a3"},{"fixed":"7c13691fb8ee04fc566782d3aa3e84b447a85edc"},{"introduced":"073a4ba8016203c9e48595afd3ddea430d9420a3"},{"fixed":"7c13691fb8ee04fc566782d3aa3e84b447a85edc"}],"database_specific":{"versions":[{"introduced":"8.15.0"},{"fixed":"12.7.9"},{"introduced":"8.15.0"},{"fixed":"12.7.9"},{"introduced":"12.8.0"},{"fixed":"12.8.9"},{"introduced":"12.8.0"},{"fixed":"12.8.9"},{"introduced":"12.9.0"},{"fixed":"12.9.3"},{"introduced":"12.9.0"},{"fixed":"12.9.3"}]}}],"versions":["v12.8.0-ee","v12.8.1-ee","v12.8.3-ee","v12.8.4-ee","v12.8.5-ee","v12.8.7-ee","v12.9.0-ee","v12.9.2-ee"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11649.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}