7.5

CVE-2020-13306

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limitation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GitlabGitLab Version < 13.1.10
GitlabGitLab Version >= 13.2.0 < 13.2.8
GitlabGitLab Version >= 13.3.0 < 13.3.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.83% 0.76
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
cve@gitlab.com 3.7 2.2 1.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13306.json
Third Party Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/223681
Broken Link
https://hackerone.com/reports/904134
Permissions Required