CVE-2020-13306

Published: Sep 14, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limitation.

Affected (3)

Products: Gitlab: Gitlab

Gitlab

1 product

Gitlab

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	Before 13.1.10
Gitlab Gitlab	From 13.2.0 to 13.2.8
Gitlab Gitlab	From 13.3.0 to 13.3.4

Related CWEs

CWE-770

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (6)

https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13306.json

Source: cve@gitlab.com

Third Party Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/223681

Source: cve@gitlab.com

Broken Link

https://hackerone.com/reports/904134

Source: cve@gitlab.com

Permissions Required

https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13306.json

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/223681

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://hackerone.com/reports/904134

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

Timeline

No history available yet.