CVE-2020-13350

🗓️ 17 Nov 2020 17:55:43Reported by GitLabType

CSRF in GitLab CE/EE allows admin control of runner

Reporter	Title	Published	Views	Family All 19
FreeBSD	Gitlab -- Multiple vulnerabilities	2 Nov 202000:00	–	freebsd
Circl	CVE-2020-13350	17 Nov 202020:39	–	circl
CNVD	GitLab CE/EE Cross-Site Request Forgery Vulnerability	18 Nov 202000:00	–	cnvd
Cvelist	CVE-2020-13350	17 Nov 202017:55	–	cvelist
Debian CVE	CVE-2020-13350	17 Nov 202017:55	–	debiancve
EUVD	EUVD-2020-5610	7 Oct 202500:30	–	euvd
Tenable Nessus	FreeBSD : Gitlab -- Multiple vulnerabilities (174e466b-1d48-11eb-bd0f-001b217b3468)	3 Nov 202000:00	–	nessus
Tenable Nessus	GitLab < 13.3.9 (CVE-2020-13350)	17 May 202400:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2020-13350	18 Aug 202500:00	–	nessus
Hacker One	GitLab: [Admin Panel] CSRF to resume/pause runner	27 Sep 201810:33	–	hackerone

NVD

Vulners

Node

gitlab gitlabRange<13.3.9community

gitlab gitlabRange<13.3.9enterprise

gitlab gitlabRange13.4.0–13.4.5community

gitlab gitlabRange13.4.0–13.4.5enterprise

gitlab gitlabRange13.5.0–13.5.2community

gitlab gitlabRange13.5.0–13.5.2enterprise

[
  {
    "product": "GitLab CE/EE",
    "vendor": "GitLab",
    "versions": [
      {
        "status": "affected",
        "version": ">=13.5.0"
      },
      {
        "status": "affected",
        "version": "<13.5.2"
      },
      {
        "status": "affected",
        "version": ">=13.4.0"
      },
      {
        "status": "affected",
        "version": "<13.4.5"
      },
      {
        "status": "affected",
        "version": "<13.3.9"
      }
    ]
  }
]

Source	Link
gitlab	www.gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13350.json
hackerone	www.hackerone.com/reports/415238
gitlab	www.gitlab.com/gitlab-org/gitlab/-/issues/24416

17 Jun 2026 02:53Current

4.6Medium risk

Vulners AI Score4.6

CVSS 3.13.1 - 4.3

CVSS 24.3

EPSS0.00692

CWE-352