CVE-2020-13355 GitLab CE/EE (Path Traversal)
Virsec Security Research Lab Vulnerability Analysis
The Virsec Security Research Lab provides detailed analysis on recent and notable security vulnerabilities.
1.1 Vulnerability Summary
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. A path traversal in LFS Upload allows an attacker to overwrite certain specific paths on the server.
The CVSS Base score of this vulnerability is 8.1 High. (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)
Affected versions are: >=8.14, <13.3.9; >=13.4, <13.4.5; >=13.5, <13.5.2.
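To check an inventory of GitLab servers against the affected ranges listed above, the following added example (not code from Virsec or GitLab) parses each reported version string and flags the ones that fall inside a range. The host names and the sample inventory are constructed, and the function names are hypothetical.

```python
import re

# Affected ranges exactly as listed above: (first affected, first unaffected).
AFFECTED_RANGES = [
    ((8, 14, 0), (13, 3, 9)),
    ((13, 4, 0), (13, 4, 5)),
    ((13, 5, 0), (13, 5, 2)),
]

# Accepts "13.4.2", "v13.4.2", "8.14" and suffixed builds such as
# "13.4.2-ee"; the suffix is ignored.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-+.~].*)?$")


def parse_version(raw):
    """Return (major, minor, patch); raise ValueError if unparseable."""
    m = _VERSION_RE.match(raw.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {raw!r}")
    return tuple(int(part or 0) for part in m.groups())


def fixed_in(raw):
    """Return the first unaffected release for an affected version, else None."""
    version = parse_version(raw)
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= version < first_fixed:
            return ".".join(map(str, first_fixed))
    return None


def triage(inventory):
    """Map each host to an 'affected', 'not affected' or 'unknown' status."""
    report = {}
    for host, raw in inventory.items():
        try:
            fix = fixed_in(raw)
        except ValueError:
            # Never treat an unreadable version as safe.
            report[host] = "unknown: check manually"
            continue
        report[host] = f"affected: upgrade to >= {fix}" if fix else "not affected"
    return report


# Constructed inventory (hypothetical hosts, not data from the page).
SAMPLE_INVENTORY = {
    "gitlab-a.example": "13.4.4-ee",
    "gitlab-b.example": "13.5.2",
    "gitlab-c.example": "12.10.14",
    "gitlab-d.example": "latest",
}
```

Calling `triage(SAMPLE_INVENTORY)` returns one status string per host; version strings that cannot be parsed are reported as unknown rather than as unaffected.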
A HackerOne user by the handle “saltyyolk”
GitLab helps enterprises innovate quickly with all-in-one CI/CD, source code management, and security. The risk posed by this vulnerability is as high as it gets. An attacker can damage a user’s code. A public exploit is not available.
Virsec Security Platform (VSP) Support
The Virsec Security Platform (VSP) Web component can protect the GitLab CE/EE server from being compromised by a path traversal vulnerability.