Description
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The Conan package upload functionality did not properly validate the supplied parameters, which resulted in limited file disclosure.
References (3)
Core References
Broken Link x_refsource_misc
https://gitlab.com/gitlab-org/gitlab/-/issues/228841
Permissions Required x_refsource_misc
https://hackerone.com/reports/923027
Third Party Advisory x_refsource_confirm
https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13298.json
Scores
CVSS v3
7.2
EPSS
0.0032
EPSS Percentile
55.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Details
Status
published
Products (1)
gitlab/gitlab
< 13.1.10
Published
Sep 14, 2020
Tracked Since
Feb 18, 2026