Vulnerability CVE-2020-13306


Published: 2020-09-14

Description:
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limitation.

Type:

CWE-770

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Gitlab -> Gitlab 

 References:
https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13306.json
https://gitlab.com/gitlab-org/gitlab/-/issues/223681
https://hackerone.com/reports/904134

Copyright 2020, cxsecurity.com

 

Back to Top