CVE-2020-13350 Information
Jun 07, 2022
cve
Description
CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who’s able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0 <13.5.2>=13.4.0 <13.4.5<13.3.9.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Reference
https://gitlab.com/gitlab-org/gitlab/-/issues/24416 https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13350.json https://hackerone.com/reports/415238
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
NONE
Base Score
LOW
Base Severity
4.3
Share on: