{"id":"CVE-2020-12275","details":"GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API.","aliases":["BIT-gitlab-2020-12275"],"modified":"2026-03-14T11:59:37.932909Z","published":"2020-04-29T17:15:11.943Z","references":[{"type":"ADVISORY","url":"https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.com/gitlab-org/gitlab","events":[{"introduced":"11ac4a9aa216b39b2880f8a647f39f6ea77cef1a"},{"fixed":"8c3dbc944a2af1e1c5ae9145fc9991d38b7abbb3"},{"introduced":"11ac4a9aa216b39b2880f8a647f39f6ea77cef1a"},{"fixed":"8c3dbc944a2af1e1c5ae9145fc9991d38b7abbb3"},{"introduced":"0bd32f788647bb832f3d9eb5746cbda5300e0fa2"},{"fixed":"6319b8e640d4c552261b8b679fe61b69b6eec4dc"},{"introduced":"0bd32f788647bb832f3d9eb5746cbda5300e0fa2"},{"fixed":"6319b8e640d4c552261b8b679fe61b69b6eec4dc"},{"introduced":"073a4ba8016203c9e48595afd3ddea430d9420a3"},{"fixed":"0ebcf602332fc27fc2bc8a2eb7b14d7a1685c343"},{"introduced":"073a4ba8016203c9e48595afd3ddea430d9420a3"},{"fixed":"0ebcf602332fc27fc2bc8a2eb7b14d7a1685c343"}],"database_specific":{"versions":[{"introduced":"12.6.0"},{"fixed":"12.7.8"},{"introduced":"12.6.0"},{"fixed":"12.7.8"},{"introduced":"12.8.0"},{"fixed":"12.8.8"},{"introduced":"12.8.0"},{"fixed":"12.8.8"},{"introduced":"12.9.0"},{"fixed":"12.9.1"},{"introduced":"12.9.0"},{"fixed":"12.9.1"}]}}],"versions":["v12.8.0-ee","v12.8.1-ee","v12.8.2-ee","v12.8.3-ee","v12.8.4-ee","v12.8.5-ee","v12.8.6-ee","v12.8.7-ee","v12.9.0-ee"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-12275.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}