PT-2020-16417 · Gitlab · Gitlab
Bob Van Landuyt · Published 2020-12-11 · Updated 2024-03-06 · CVE-2020-26411
CVSS v3.1: 4.3 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
Gitlab versions 13.4.x through 13.4.7
Gitlab versions 13.5 through 13.5.5
Gitlab versions 13.6 through 13.6.2
Description
A denial-of-service (DoS) issue was discovered in GitLab. It can be triggered by using a specific query name in a project search, which causes database statement timeouts and could lead to a DoS if exploited.
Recommendations
For GitLab versions 13.4.x through 13.4.7, update to a version that includes the fix for this issue.
For GitLab versions 13.5 through 13.5.5, update to a version that includes the fix for this issue.
For GitLab versions 13.6 through 13.6.2, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting the use of specific query names in project searches to reduce the risk of exploitation.
Fix
DoS
Improper Resource Release
Weakness Enumeration
Related Identifiers
Affected Products
Gitlab