Lucene search

K
cvelistGitLabCVELIST:CVE-2020-13310
HistorySep 14, 2020 - 9:33 p.m.

CVE-2020-13310

2020-09-1421:33:50
GitLab
www.cve.org
6
vulnerability
gitlab runner
denial of service

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

41.8%

A vulnerability was discovered in GitLab runner versions before 13.1.3, 13.2.3 and 13.3.1. It was possible to make the gitlab-runner process crash by sending malformed queries, resulting in a denial of service.

CNA Affected

[
  {
    "product": "GitLab",
    "vendor": "GitLab",
    "versions": [
      {
        "status": "affected",
        "version": ">=1.0, <13.1.3"
      },
      {
        "status": "affected",
        "version": ">=13.2, <13.2.3"
      },
      {
        "status": "affected",
        "version": ">=13.3, <13.3.1"
      }
    ]
  }
]

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

41.8%