CVE-2020-13306

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-13306

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-13306.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-13306

Aliases

BIT-gitlab-2020-13306

Related

UBUNTU-CVE-2020-13306

Published

2020-09-14T22:15:11Z

Modified

2024-10-12T06:23:17.084081Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limitation.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

ce28f708ec5ca68092e16f55e47710367d32f2a1

Fixed

593e80a4ee247065d721e03927d8cfee12cb116b

Affected versions

v13.*

v13.2.0-ee

v13.2.1-ee

v13.2.2-ee

v13.2.3-ee

v13.2.4-ee

v13.2.5-ee

v13.2.6-ee

v13.2.7-ee