CVE-2020-13340 — Cross-site Scripting in Gitlab

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

8.7HIGHNVD

EPSS

1.4%

top 19.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab

Timeline

PublishedOct 8

Latest updateMay 24

Description

An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:NExploitability: 2.3 | Impact: 5.8

Affected Packages4 packages

▶NVDgitlab/gitlab13.3.0 — 13.3.7+2

▶debiandebian/gitlab< gitlab 13.3.9-1 (sid)

▶CVEListV5gitlab/gitlab>=12.4, <13.2.10, >=13.3, <13.3.7, >=13.4, <13.4.2+2

▶gitlabgitlab/gitlab

🔴Vulnerability Details

GHSA

GHSA-2hgm-r8rh-g5xg: An issue has been discovered in GitLab affecting all versions prior to 13↗2022-05-24

▶

OSV

CVE-2020-13340: An issue has been discovered in GitLab affecting all versions prior to 13↗2020-10-08

▶

📋Vendor Advisories

GitLab

CVE-2020-13340: An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log↗2020-10-08

▶

Debian

CVE-2020-13340: gitlab - An issue has been discovered in GitLab affecting all versions prior to 13.2.10, ...↗2020

▶