CVE-2020-26411 — Improper Resource Shutdown or Release in Gitlab

CWE-404 — Improper Resource Shutdown or Release13 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 73.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab

Timeline

PublishedDec 11

Latest updateMay 24

Description

A potential DOS vulnerability was discovered in all versions of Gitlab starting from 13.4.x (>=13.4 to =13.5 to =13.6 to <13.6.2). Using a specific query name for a project search can cause statement timeouts that can lead to a potential DOS if abused.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

▶NVDgitlab/gitlab13.4.0 — 13.4.7+2

▶debiandebian/gitlab< gitlab 13.4.7-1 (sid)

▶CVEListV5gitlab/gitlab>=13.4, <13.4.7, >=13.5, <13.5.5, >=13.6, <13.6.2+2

▶gitlabgitlab/gitlab

🔴Vulnerability Details

GHSA

GHSA-2qvv-wf53-7c44: A potential DOS vulnerability was discovered in all versions of Gitlab starting from 13↗2022-05-24

▶

OSV

CVE-2020-26411: A potential DOS vulnerability was discovered in all versions of Gitlab starting from 13↗2020-12-11

▶

📋Vendor Advisories

GitLab

CVE-2020-26411: A potential DOS vulnerability was discovered in all versions of Gitlab starting from 13.4.x (>=13.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6↗2020-12-11

▶

Debian

CVE-2020-26411: gitlab - A potential DOS vulnerability was discovered in all versions of Gitlab starting ...↗2020

▶

🕵️Threat Intelligence

Trendmicro

Cinobi Banking Trojan Targets Cryptocurrency Exchange Users via Malvertising↗2021-08-09

▶

Threat Intel

APT37 (APT37, InkySquid, ScarCruft)

▶