CVE-2020-13306
Published 2020-09-14
Priority P338 · high · 7.5 · CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.83% (76.2th percentile)
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limitation.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 13.2.8-1 (sid) | gitlab 13.2.8-1 (sid) |
| gitlab | gitlab | < 13.1.10 | 13.1.10 |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 13.2.0 < 13.2.8 | 13.2.8 |
| gitlab | gitlab | >= 13.3.0 < 13.3.4 | 13.3.4 |
CVSS provenance
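| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 3.7 | LOW | — |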
GitLab
vendor_gitlab · 2020-09-14 · CVSS 3.7 · LOW · CWE-770
Debian
vendor_debian · 2020 · CVSS 3.7 · LOW
Scope: local
sid: resolved (fixed in 13.2.8-1)
GHSA
GHSA-jcrh-hfqv-cr47 · ghsa_unreviewed · 2022-05-24 · MEDIUM
OSV
osv · 2020-09-14 · CVSS 7.5 · HIGH
No detection rules found.
No public exploits indexed.
https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13306.json
https://gitlab.com/gitlab-org/gitlab/-/issues/223681
https://hackerone.com/reports/904134