PT-2020-13497 · Gitlab · Gitlab Ce/Ee+1

Published

2020-11-18

Updated

2024-03-06

CVE-2020-13356

CVSS v3.1

8.2

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 8.8.9 through 13.3.8 GitLab CE/EE versions 13.4 through 13.4.4 GitLab CE/EE versions 13.5 through 13.5.1

Description An issue has been discovered in GitLab CE/EE where a specially crafted request could bypass Multipart protection and read files in certain specific paths on the server.

Recommendations For versions 8.8.9 through 13.3.8, update to version 13.3.9 or later to resolve the issue. For versions 13.4 through 13.4.4, update to version 13.4.5 or later to resolve the issue. For versions 13.5 through 13.5.1, update to version 13.5.2 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

BIT-GITLAB-2020-13356

CVE-2020-13356

Affected Products

Gitlab

Gitlab Ce/Ee

PT-2020-13497 · Gitlab · Gitlab Ce/Ee+1

CVE-2020-13356

Related Identifiers

Affected Products

References · 7