CVE-2020-26411 - log

CVE-2020-26411 edited at 11 Dec 2020 13:52:28
Description
- A potential denial of service vulnerability was discovered in all versions of Gitlab starting from 13.4.x (>=13.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2). Using a specific query name for a project search can cause statement timeouts that can lead to a potential DOS if abused.
+ A potential denial of service vulnerability was discovered in all versions of Gitlab starting from 13.4.x (>=13.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2). Using a specific query name for a project search can cause statement timeouts that can lead to a potential denial of service if abused.
CVE-2020-26411 edited at 11 Dec 2020 13:45:21
Description
- A potential denial of service vulnerability was discovered in all versions of GitLab. Using a specific query name for a project search can cause statement timeouts that can lead to a potential denial of service if abused. It is fixed in Gitlab versions 13.6.2, 13.5.5 and 13.4.7.
+ A potential denial of service vulnerability was discovered in all versions of Gitlab starting from 13.4.x (>=13.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2). Using a specific query name for a project search can cause statement timeouts that can lead to a potential DOS if abused.
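Review bot: in the added description, "DOS" at the end of the last sentence is an ambiguous abbreviation; spell out "denial of service" as the removed line did, and keep the "GitLab" casing the removed line used rather than "Gitlab". The removed "It is fixed in ..." sentence is covered by the new version ranges, whose upper bounds 13.4.7, 13.5.5 and 13.6.2 match the fixed releases it listed.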
References
https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/#a-specific-query-on-the-explore-page-causes-statement-timeouts
+ https://gitlab.com/gitlab-org/gitlab/-/issues/260330
CVE-2020-26411 edited at 08 Dec 2020 14:31:00
Description
- A potential denial of service vulnerability was discovered in all versions of GitLab. Using a specific query name for a project search can cause statement timeouts that can lead to a potential denial of service if abused. It is fixed in gitlab versions 13.6.2, 13.5.5 and 13.4.7.
+ A potential denial of service vulnerability was discovered in all versions of GitLab. Using a specific query name for a project search can cause statement timeouts that can lead to a potential denial of service if abused. It is fixed in Gitlab versions 13.6.2, 13.5.5 and 13.4.7.
CVE-2020-26411 edited at 08 Dec 2020 14:28:55
Description
- A potential denial of service vulnerability was discovered in all versions of GitLab. Using a specific query name for a project search can cause statement timeouts that can lead to a potential denial of service if abused.
+ A potential denial of service vulnerability was discovered in all versions of GitLab. Using a specific query name for a project search can cause statement timeouts that can lead to a potential denial of service if abused. It is fixed in gitlab versions 13.6.2, 13.5.5 and 13.4.7.
CVE-2020-26411 edited at 08 Dec 2020 14:22:41
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ A potential denial of service vulnerability was discovered in all versions of GitLab. Using a specific query name for a project search can cause statement timeouts that can lead to a potential denial of service if abused.
References
+ https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/#a-specific-query-on-the-explore-page-causes-statement-timeouts
Notes
CVE-2020-26411 created at 08 Dec 2020 14:15:24