Virsec Security Research Lab

CVE-2020-13355 GitLab CE/EE (Path Traversal)

Virsec Security Research Lab Vulnerability Analysis

The Virsec Security Research Lab provides detailed analysis on recent and notable security vulnerabilities.

1.1 Vulnerability Summary

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. A path traversal in LFS Upload allows an attacker to overwrite certain specific paths on the server.

CVE-2020-13355

CVSS Score

The CVSS Base score of this vulnerability is 8.1 High. (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)

Affected Version

Affected versions are: >=8.14, <13.3.9, >=13.4, <13.4.5, >=13.5, <13.5.2.
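
The version check below is an added example for triaging an inventory against the ranges listed above; it is not code from Virsec or GitLab. It reads the list as three ranges with an inclusive lower and exclusive upper bound, and the host names and sample versions are constructed.

```python
import re

# Affected ranges from the advisory: (inclusive lower bound, exclusive upper bound).
AFFECTED_RANGES = [
    ((8, 14, 0), (13, 3, 9)),
    ((13, 4, 0), (13, 4, 5)),
    ((13, 5, 0), (13, 5, 2)),
]

# Accepts "13.4.4", "v13.4.4-ee", "13.5"; anything after the patch number is ignored.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-+.].*)?$")


def parse_version(text):
    """Return (major, minor, patch) as integers; a missing patch counts as 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    return tuple(int(part) if part else 0 for part in m.groups())


def is_affected(version_text):
    """True when the version lies inside any affected range."""
    # Integer tuples compare numerically, so 13.10.0 is not mistaken for < 13.3.9
    # the way a plain string comparison would.
    v = parse_version(version_text)
    return any(low <= v < high for low, high in AFFECTED_RANGES)


def triage(inventory):
    """Map host -> 'affected' / 'not affected' / 'unknown'."""
    result = {}
    for host, version_text in inventory.items():
        try:
            result[host] = "affected" if is_affected(version_text) else "not affected"
        except ValueError:
            result[host] = "unknown"  # an unparseable version is never reported as safe
    return result


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "gitlab-a.example": "13.3.8-ee",
    "gitlab-b.example": "13.4.5",
    "gitlab-c.example": "13.10.0",
    "gitlab-d.example": "latest",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```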

Vulnerability Attribution

A HackerOne user with the handle “saltyyolk”.

Risk Impact

GitLab helps enterprises innovate quickly with all-in-one CI/CD, source code management, and security. The risk posed by this vulnerability is as high as it gets. An attacker can damage a user’s code. A public exploit is not available.

Virsec Security Platform (VSP) Support

The Virsec Security Platform (VSP)-Web component can protect the GitLab CE/EE server from being compromised by a path traversal vulnerability.
