CVE-2020-13350 - OpenCVE

CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.5.2,>=13.4.0, <13.4.5,<13.3.9.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gitlab	Gitlab

Configuration 1 [-]

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

No data.

References

Link	Providers
https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13350.json
https://gitlab.com/gitlab-org/gitlab/-/issues/24416
https://hackerone.com/reports/415238

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2020-11-17T17:55:43

Updated: 2024-08-04T12:18:17.575Z

Reserved: 2020-05-21T00:00:00

Link: CVE-2020-13350

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-11-17T18:15:12.207

Modified: 2020-11-27T20:27:05.993

Link: CVE-2020-13350

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "GitLab CE/EE", "vendor": "GitLab", "versions": [{"status": "affected", "version": ">=13.5.0"}, {"status": "affected", "version": "<13.5.2"}, {"status": "affected", "version": ">=13.4.0"}, {"status": "affected", "version": "<13.4.5"}, {"status": "affected", "version": "<13.3.9"}]}], "credits": [{"lang": "en", "value": "Thanks [@ngalog](https://hackerone.com/ngalog) for reporting this vulnerability through our HackerOne bug bounty program"}], "descriptions": [{"lang": "en", "value": "CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.5.2,>=13.4.0, <13.4.5,<13.3.9."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Cross-site request forgery (csrf) in GitLab", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-11-17T17:55:43", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/24416"}, {"tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/415238"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13350.json"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@gitlab.com", "ID": "CVE-2020-13350", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "GitLab CE/EE", "version": {"version_data": [{"version_value": ">=13.5.0"}, {"version_value": "<13.5.2"}, {"version_value": ">=13.4.0"}, {"version_value": "<13.4.5"}, {"version_value": "<13.3.9"}]}}]}, "vendor_name": "GitLab"}]}}, "credit": [{"lang": "eng", "value": "Thanks [@ngalog](https://hackerone.com/ngalog) for reporting this vulnerability through our HackerOne bug bounty program"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.5.2,>=13.4.0, <13.4.5,<13.3.9."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cross-site request forgery (csrf) in GitLab"}]}]}, "references": {"reference_data": [{"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/24416", "refsource": "MISC", "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/24416"}, {"name": "https://hackerone.com/reports/415238", "refsource": "MISC", "url": "https://hackerone.com/reports/415238"}, {"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13350.json", "refsource": "CONFIRM", "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13350.json"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:18:17.575Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/24416"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://hackerone.com/reports/415238"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13350.json"}]}]}, "cveMetadata": {"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2020-13350", "datePublished": "2020-11-17T17:55:43", "dateReserved": "2020-05-21T00:00:00", "dateUpdated": "2024-08-04T12:18:17.575Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "A34E81CE-A7A0-44E1-9AE6-31C1EA9C2721", "versionEndExcluding": "13.3.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "3E956D22-F491-4DEB-A995-808A926A4C8B", "versionEndExcluding": "13.3.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "C7D38168-5E74-4B9C-B0DA-9757D19DA5D5", "versionEndExcluding": "13.4.5", "versionStartIncluding": "13.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "E04A3096-9883-4120-ADE4-8CEBE811E242", "versionEndExcluding": "13.4.5", "versionStartIncluding": "13.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "46B55443-7215-4998-A3D7-6B1014513756", "versionEndExcluding": "13.5.2", "versionStartIncluding": "13.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "59FA227C-599B-4636-8FD9-71A60D0C8ABC", "versionEndExcluding": "13.5.2", "versionStartIncluding": "13.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.5.2,>=13.4.0, <13.4.5,<13.3.9."}, {"lang": "es", "value": "Un CSRF en la p\u00e1gina de administraci\u00f3n del ejecutor en todas las versiones de GitLab CE/EE, permite a un atacante que pueda apuntar a administradores de instancias de GitLab pausar y reanudar los ejecutores. Las versiones afectadas son las versiones posteriores a 13.5.0 e incluy\u00e9ndola, versiones anteriores a 13.5.2, versiones posteriores a 13.4.0 e incluy\u00e9ndola, versiones anteriores a 13.4.5, versiones anteriores a 13.3.9"}], "id": "CVE-2020-13350", "lastModified": "2020-11-27T20:27:05.993", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "cve@gitlab.com", "type": "Secondary"}]}, "published": "2020-11-17T18:15:12.207", "references": [{"source": "cve@gitlab.com", "tags": ["Vendor Advisory"], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13350.json"}, {"source": "cve@gitlab.com", "tags": ["Broken Link"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/24416"}, {"source": "cve@gitlab.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://hackerone.com/reports/415238"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}