CVE-2020-13306
First published: Mon Sep 14 2020(Updated: )
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limitation.
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | <13.1.10 | |
| GitLab | >=13.2.0<13.2.8 | |
| GitLab | >=13.3.0<13.3.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-13306?
CVE-2020-13306 is classified as a denial of service vulnerability due to lack of rate limiting in GitLab.
How do I fix CVE-2020-13306?
To fix CVE-2020-13306, upgrade GitLab to version 13.1.10, 13.2.8, or 13.3.4 or later.
What versions of GitLab are affected by CVE-2020-13306?
CVE-2020-13306 affects GitLab versions prior to 13.1.10, 13.2.8, and 13.3.4.
What kind of attack can be performed due to CVE-2020-13306?
CVE-2020-13306 can be exploited to conduct denial of service attacks on GitLab instances.
Is it safe to use GitLab versions below 13.1.10 after CVE-2020-13306?
No, using GitLab versions below 13.1.10 after CVE-2020-13306 is not safe due to the identified vulnerability.
- agent/type
- agent/references
- agent/weakness
- agent/author
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab
- version/gitlab/13.2.0
- version/gitlab/13.3.0