CVE-2020-13298
Published 2020-09-14
Priority: P4 · 29 · medium · 5.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:C / C:L / I:N / A:N
EPSS: 1.24% (65.5th percentile)
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Conan package upload functionality was not properly validating the supplied parameters, which resulted in the limited files disclosure.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 13.2.8-1 (sid) | gitlab 13.2.8-1 (sid) |
| gitlab | gitlab | < 13.1.10 | 13.1.10 |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 13.2.0 < 13.2.8 | 13.2.8 |
| gitlab | gitlab | >= 13.3.0 < 13.3.4 | 13.3.4 |
CVSS provenance
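| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | — | 5.8 | MEDIUM | — |
| vendor_debian | — | 7.2 | HIGH | — |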
GHSA
ghsa_unreviewed · 2022-05-24
CVE-2020-13298 [MEDIUM] CWE-20 GHSA-6x4g-3g6f-c363
OSV
osv · 2020-09-14 · CVSS 5.8
CVE-2020-13298 [MEDIUM]
GitLab
vendor_gitlab · 2020-09-14 · CVSS 7.2
CVE-2020-13298 [HIGH]
Debian
vendor_debian · 2020 · CVSS 7.2
CVE-2020-13298 [HIGH] gitlab
Scope: local
sid: resolved (fixed in 13.2.8-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13298.json
https://gitlab.com/gitlab-org/gitlab/-/issues/228841
https://hackerone.com/reports/923027
Published: 2020-09-14