Vulnerability Details CVE-2020-26411
A potential DOS vulnerability was discovered in all versions of Gitlab starting from 13.4.x (>=13.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2). Using a specific query name for a project search can cause statement timeouts that can lead to a potential DOS if abused.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.8%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.0
References
Products affected by CVE-2020-26411
-
cpe:2.3:a:gitlab:gitlab:13.4.0
-
cpe:2.3:a:gitlab:gitlab:13.4.1
-
cpe:2.3:a:gitlab:gitlab:13.4.2
-
cpe:2.3:a:gitlab:gitlab:13.4.3
-
cpe:2.3:a:gitlab:gitlab:13.4.4
-
cpe:2.3:a:gitlab:gitlab:13.4.5
-
cpe:2.3:a:gitlab:gitlab:13.4.6
-
cpe:2.3:a:gitlab:gitlab:13.5.0
-
cpe:2.3:a:gitlab:gitlab:13.5.1
-
cpe:2.3:a:gitlab:gitlab:13.5.2
-
cpe:2.3:a:gitlab:gitlab:13.5.3
-
cpe:2.3:a:gitlab:gitlab:13.5.4
-
cpe:2.3:a:gitlab:gitlab:13.6.0
-
cpe:2.3:a:gitlab:gitlab:13.6.1