CVE-2020-13298

九月 14, 2020 - 未分类

CVE-Search
CVE-2020-13298

CVE-2020-13298

Summary

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Conan package upload functionality was not properly validating the supplied parameters, which resulted in the limited files disclosure.

References

https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13298.json
https://gitlab.com/gitlab-org/gitlab/-/issues/228841
https://hackerone.com/reports/923027

Vulnerable Configurations

CVSS

Base:	5.0
Impact:
Exploitability:

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

14-09-2020 – 22:15

Published

14-09-2020 – 22:15

Last modified

14-09-2020 – 22:15

Notice: Undefined variable: canUpdate in /var/www/html/wordpress/wp-content/plugins/wp-autopost-pro/wp-autopost-function.php on line 51

xxx

xxx站点

CVE-2020-13298