CVE-2020-13306

high

Description

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limitation.

References

https://hackerone.com/reports/904134

https://gitlab.com/gitlab-org/gitlab/-/issues/223681

https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13306.json

Details

Source: Mitre, NVD

Published: 2020-09-14

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High