CVE-2020-13280 — Uncontrolled Resource Consumption in Gitlab

CWE-400 — Uncontrolled Resource Consumption5 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 71.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab

Timeline

PublishedAug 13

Latest updateMay 24

Description

For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶NVDgitlab/gitlab13.1.0 — 13.1.6+2

▶debiandebian/gitlab< gitlab 13.2.3-2 (sid)

▶CVEListV5gitlab/gitlab<13.0.12, >=13.1, <13.1.6, >=13.2, <13.2.3+2

▶gitlabgitlab/gitlab

🔴Vulnerability Details

GHSA

GHSA-4839-fmx8-4hrv: For GitLab before 13↗2022-05-24

▶

OSV

CVE-2020-13280: For GitLab before 13↗2020-08-13

▶

📋Vendor Advisories

GitLab

CVE-2020-13280: For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message.↗2020-08-13

▶

Debian

CVE-2020-13280: gitlab - For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to...↗2020

▶