CVE-2020-13298

Summary

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Conan package upload functionality was not properly validating the supplied parameters, which resulted in the limited files disclosure.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=13.3, <13.3.4affected
GitLabGitLab>=13.2, <13.2.8affected
GitLabGitLab>=13.1, <13.1.10affected

Weaknesses

  • Information exposure in GitLab

ADP Enrichment

CVE Program Container

Additional References

References