CVE-2020-13359

🗓️ 18 Nov 2020 23:57:34Reported by GitLabType

The Terraform API in GitLab CE/EE 12.10+ exposed object storage signed URL on delete operation, allowing a project maintainer to overwrite state, bypassing audit and controls

Reporter	Title	Published	Views	Family All 15
FreeBSD	Gitlab -- Multiple vulnerabilities	2 Nov 202000:00	–	freebsd
Circl	CVE-2020-13359	9 Dec 202006:25	–	circl
CVE	CVE-2020-13359	18 Nov 202023:57	–	cve
Debian CVE	CVE-2020-13359	18 Nov 202023:57	–	debiancve
EUVD	EUVD-2020-5618	7 Oct 202500:30	–	euvd
Tenable Nessus	FreeBSD : Gitlab -- Multiple vulnerabilities (174e466b-1d48-11eb-bd0f-001b217b3468)	3 Nov 202000:00	–	nessus
Tenable Nessus	GitLab 12.10 < 13.3.9 / 13.4 < 13.4.5 / 13.5 < 13.5.2 (CVE-2020-13359)	17 May 202400:00	–	nessus
NCSC	Vulnerabilities fixed in GitLab	17 Nov 202000:00	–	ncsc
NVD	CVE-2020-13359	19 Nov 202000:15	–	nvd
OSV	BIT-GITLAB-2020-13359	6 Mar 202411:21	–	osv

[
  {
    "product": "GitLab CE/EE",
    "vendor": "GitLab",
    "versions": [
      {
        "status": "affected",
        "version": ">=12.10"
      },
      {
        "status": "affected",
        "version": "<13.3.9"
      },
      {
        "status": "affected",
        "version": ">=13.4"
      },
      {
        "status": "affected",
        "version": "<13.4.5"
      },
      {
        "status": "affected",
        "version": ">=13.5"
      },
      {
        "status": "affected",
        "version": "<13.5.2"
      }
    ]
  }
]

Source	Link
gitlab	www.gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13359.json
gitlab	www.gitlab.com/gitlab-org/gitlab/-/issues/250266

18 Nov 2020 23:57Current

7.4High risk

Vulners AI Score7.4

CVSS 3.17.6

EPSS0.00086