Main Vulnerability Database Vulnerabilities #VU30174

Resource exhaustion in Gitlab Community Edition - CVE-2020-13274

Published: June 20, 2020 / Updated: July 17, 2020

Vulnerability identifier: #VU30174

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-13274

CWE-ID: CWE-400

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Gitlab Community Edition

Software vendor:
GitLab, Inc

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1

Remediation

Install update from vendor's website.

External links

https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13274.json
https://gitlab.com/gitlab-org/gitlab/-/issues/14195

Resource exhaustion in Gitlab Community Edition - CVE-2020-13274

Description

Remediation

External links

Please verify you're human