CVE-2020-13350

🗓️ 17 Nov 2020 17:55:43Reported by GitLabType

GitLab CSRF vulnerability, allows pausing/resuming runners

Reporter	Title	Published	Views	Family All 19
FreeBSD	Gitlab -- Multiple vulnerabilities	2 Nov 202000:00	–	freebsd
Circl	CVE-2020-13350	17 Nov 202020:39	–	circl
CNVD	GitLab CE/EE Cross-Site Request Forgery Vulnerability	18 Nov 202000:00	–	cnvd
CVE	CVE-2020-13350	17 Nov 202017:55	–	cve
Debian CVE	CVE-2020-13350	17 Nov 202017:55	–	debiancve
EUVD	EUVD-2020-5610	7 Oct 202500:30	–	euvd
Tenable Nessus	FreeBSD : Gitlab -- Multiple vulnerabilities (174e466b-1d48-11eb-bd0f-001b217b3468)	3 Nov 202000:00	–	nessus
Tenable Nessus	GitLab < 13.3.9 (CVE-2020-13350)	17 May 202400:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2020-13350	18 Aug 202500:00	–	nessus
Hacker One	GitLab: [Admin Panel] CSRF to resume/pause runner	27 Sep 201810:33	–	hackerone

[
  {
    "product": "GitLab CE/EE",
    "vendor": "GitLab",
    "versions": [
      {
        "status": "affected",
        "version": ">=13.5.0"
      },
      {
        "status": "affected",
        "version": "<13.5.2"
      },
      {
        "status": "affected",
        "version": ">=13.4.0"
      },
      {
        "status": "affected",
        "version": "<13.4.5"
      },
      {
        "status": "affected",
        "version": "<13.3.9"
      }
    ]
  }
]

Source	Link
gitlab	www.gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13350.json
hackerone	www.hackerone.com/reports/415238
gitlab	www.gitlab.com/gitlab-org/gitlab/-/issues/24416

17 Nov 2020 17:55Current

4.8Medium risk

Vulners AI Score4.8

CVSS 3.13.1

EPSS0.00692