PT-2020-13447 · Gitlab · Gitlab

Noddyn12

Published

2020-09-14

Updated

2024-03-06

CVE-2020-13306

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions GitLab versions prior to 13.1.10 GitLab versions prior to 13.2.8 GitLab versions prior to 13.3.4

Description A denial of service attack can be performed due to the lack of rate limitation in the GitLab Webhook feature.

Recommendations For versions prior to 13.1.10, update to version 13.1.10 or later. For versions prior to 13.2.8, update to version 13.2.8 or later. For versions prior to 13.3.4, update to version 13.3.4 or later.

Fix

DoS

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770

Related Identifiers

BIT-GITLAB-2020-13306

CVE-2020-13306

Affected Products

Gitlab

PT-2020-13447 · Gitlab · Gitlab

CVE-2020-13306

Weakness Enumeration

Related Identifiers

Affected Products

References · 10