CVE-2020-13356 - OpenCVE

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. A specially crafted request could bypass Multipart protection and read files in certain specific paths on the server. Affected versions are: >=8.8.9, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Gitlab	Gitlab

Configuration 1 [-]

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

References

Link	Resource
https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13356.json	Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/230878	Broken Link
https://hackerone.com/reports/927953	Permissions Required Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitLab

Published: 2020-11-18T23:35:05

Updated: 2020-11-18T23:35:05

Reserved: 2020-05-21T00:00:00

Link: CVE-2020-13356

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-11-19T00:15:12.120

Modified: 2020-12-01T19:09:43.993

Link: CVE-2020-13356

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "GitLab CE/EE", "vendor": "GitLab", "versions": [{"status": "affected", "version": ">=8.8.9"}, {"status": "affected", "version": "<13.3.9"}, {"status": "affected", "version": ">=13.4"}, {"status": "affected", "version": "<13.4.5"}, {"status": "affected", "version": ">=13.5"}, {"status": "affected", "version": "<13.5.2"}]}], "credits": [{"lang": "en", "value": "Thanks [ledz1996](https://hackerone.com/ledz1996) for reporting this vulnerability through our HackerOne bug bounty program"}], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. A specially crafted request could bypass Multipart protection and read files in certain specific paths on the server. Affected versions are: >=8.8.9, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Information exposure in GitLab", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-11-18T23:35:05", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/230878"}, {"tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/927953"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13356.json"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@gitlab.com", "ID": "CVE-2020-13356", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "GitLab CE/EE", "version": {"version_data": [{"version_value": ">=8.8.9"}, {"version_value": "<13.3.9"}, {"version_value": ">=13.4"}, {"version_value": "<13.4.5"}, {"version_value": ">=13.5"}, {"version_value": "<13.5.2"}]}}]}, "vendor_name": "GitLab"}]}}, "credit": [{"lang": "eng", "value": "Thanks [ledz1996](https://hackerone.com/ledz1996) for reporting this vulnerability through our HackerOne bug bounty program"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. A specially crafted request could bypass Multipart protection and read files in certain specific paths on the server. Affected versions are: >=8.8.9, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information exposure in GitLab"}]}]}, "references": {"reference_data": [{"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/230878", "refsource": "MISC", "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/230878"}, {"name": "https://hackerone.com/reports/927953", "refsource": "MISC", "url": "https://hackerone.com/reports/927953"}, {"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13356.json", "refsource": "CONFIRM", "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13356.json"}]}}}}, "cveMetadata": {"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2020-13356", "datePublished": "2020-11-18T23:35:05", "dateReserved": "2020-05-21T00:00:00", "dateUpdated": "2020-11-18T23:35:05", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "3887890C-DF41-40FF-B498-9F5C48F9D7AA", "versionEndExcluding": "13.3.9", "versionStartIncluding": "8.8.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "37BFF24E-E7CE-4FA5-879C-CD78D3047714", "versionEndExcluding": "13.3.9", "versionStartIncluding": "8.8.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "C7D38168-5E74-4B9C-B0DA-9757D19DA5D5", "versionEndExcluding": "13.4.5", "versionStartIncluding": "13.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "E04A3096-9883-4120-ADE4-8CEBE811E242", "versionEndExcluding": "13.4.5", "versionStartIncluding": "13.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "46B55443-7215-4998-A3D7-6B1014513756", "versionEndExcluding": "13.5.2", "versionStartIncluding": "13.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "59FA227C-599B-4636-8FD9-71A60D0C8ABC", "versionEndExcluding": "13.5.2", "versionStartIncluding": "13.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. A specially crafted request could bypass Multipart protection and read files in certain specific paths on the server. Affected versions are: >=8.8.9, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2."}, {"lang": "es", "value": "Se ha detectado un problema en GitLab CE/EE que afecta a todas las versiones a partir de 8.8.9. Una petici\u00f3n especialmente dise\u00f1ada podr\u00eda omitir una protecci\u00f3n Multipart y leer archivos en determinadas rutas espec\u00edficas en el servidor. Las versiones afectadas son: versiones posteriores a 8.8.9 incluy\u00e9ndola, versiones anteriores a 13.3.9, versiones posteriores a 13.4 incluy\u00e9ndola, versiones anteriores a 13.4.5, versiones posteriores a 13.5 incluy\u00e9ndola, versiones anteriores a 13.5.2"}], "id": "CVE-2020-13356", "lastModified": "2020-12-01T19:09:43.993", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "cve@gitlab.com", "type": "Secondary"}]}, "published": "2020-11-19T00:15:12.120", "references": [{"source": "cve@gitlab.com", "tags": ["Vendor Advisory"], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13356.json"}, {"source": "cve@gitlab.com", "tags": ["Broken Link"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/230878"}, {"source": "cve@gitlab.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://hackerone.com/reports/927953"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}