Candidate: CVE-2020-13356
PublicDate: 2020-11-19 00:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13356
Description:
 An issue has been discovered in GitLab CE/EE affecting all versions
 starting from 8.8.9. A specially crafted request could bypass Multipart
 protection and read files in certain specific paths on the server. Affected
 versions are: >=8.8.9, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.
Ubuntu-Description:
Notes:
 amurray| Only affects GitLab CE/EE 8.8.9
Mitigation:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N [8.2 HIGH]


Patches_gitlab:
upstream_gitlab: needs-triage
precise/esm_gitlab: DNE
trusty_gitlab: DNE
trusty/esm_gitlab: DNE
xenial_gitlab: not-affected (code not present)
bionic_gitlab: DNE
focal_gitlab: DNE
groovy_gitlab: DNE
devel_gitlab: DNE