CVE-2020-13298

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-13298

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-13298.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-13298

Aliases

BIT-gitlab-2020-13298

Related

UBUNTU-CVE-2020-13298

Published

2020-09-14T22:15:10Z

Modified

2024-10-12T06:23:04.480337Z

Severity

5.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Conan package upload functionality was not properly validating the supplied parameters, which resulted in the limited files disclosure.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

ce28f708ec5ca68092e16f55e47710367d32f2a1

Fixed

593e80a4ee247065d721e03927d8cfee12cb116b

Affected versions

v13.*

v13.2.0-ee

v13.2.1-ee

v13.2.2-ee

v13.2.3-ee

v13.2.4-ee

v13.2.5-ee

v13.2.6-ee

v13.2.7-ee