CVE-2020-13298

medium

Description

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Conan package upload functionality was not properly validating the supplied parameters, which resulted in the limited files disclosure.

References

https://hackerone.com/reports/923027

https://gitlab.com/gitlab-org/gitlab/-/issues/228841

https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13298.json

Details

Source: Mitre, NVD

Published: 2020-09-14

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N