CVE-2020-13350
published 2020-11-17

CVE-2020-13350: CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume…

Priority: P4 18 medium
CVSS 3.1: 4.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
EPSS: 0.69% (48.3th percentile)
CSRF in the runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.5.2; >=13.4.0, <13.4.5; and <13.3.9.

Affected

11 ranges
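| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 13.3.9-1 (sid) | gitlab 13.3.9-1 (sid) |
| gitlab | gitlab | < 13.3.9 | 13.3.9 |
| gitlab | gitlab | | |
| gitlab | gitlab | >= 13.4.0 < 13.4.5 | 13.4.5 |
| gitlab | gitlab | >= 13.5.0 < 13.5.2 | 13.5.2 |
| gitlab | gitlab_ce | | |
| gitlab | gitlab_ce_ee | | |
| gitlab | gitlab_ce_ee | | |
| gitlab | gitlab_ce_ee | | |
| gitlab | gitlab_ce_ee | | |
| gitlab | gitlab_ce_ee | | |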

CVSS provenance

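| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | | 4.3 | MEDIUM | |
| vendor_debian | | 3.1 | LOW | |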