CVE-2020-13306
LOW
GitLab < 13.1.10 - Denial of Service via Webhook Rate Limitation Bypass
Title source: llm
Description
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limitation.
References (3)
Core References
Broken Link x_refsource_misc
https://gitlab.com/gitlab-org/gitlab/-/issues/223681
Permissions Required x_refsource_misc
https://hackerone.com/reports/904134
Third Party Advisory x_refsource_confirm
https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13306.json
Scores
CVSS v3: 3.7
EPSS: 0.0016
EPSS Percentile: 36.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Details
CWE: CWE-770
Status: published
Products (1)
gitlab/gitlab < 13.1.10
Published: Sep 14, 2020
Tracked Since: Feb 18, 2026