CVE-2020-13306 Information
Feb 14, 2021
cve
Description
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The GitLab Webhook feature could be abused to perform denial-of-service attacks due to the lack of rate limiting.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Reference
https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13306.json
https://gitlab.com/gitlab-org/gitlab/-/issues/223681
https://hackerone.com/reports/904134
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
Base Score
7.5
Base Severity
HIGH