CSRF Vulnerability in GitLab CE/EE Allows Unauthorized Runner Control

CVE-2020-13350 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CSRF in the runner administration page in all versions of GitLab CE/EE allows an attacker who is able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.5.2; >=13.4.0, <13.4.5; and <13.3.9.
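
To triage an inventory of instances against the affected ranges listed above, the following Python check can be used. It is an added example, not part of the advisory or of GitLab's code; the function names and the sample version strings are constructed for illustration, and it assumes version strings of the form `MAJOR.MINOR.PATCH` with an optional suffix such as `-ee`.

```python
import re

# Affected ranges copied from the advisory text above:
# (inclusive lower bound or None, exclusive upper bound).
AFFECTED_RANGES = [
    ((13, 5, 0), (13, 5, 2)),
    ((13, 4, 0), (13, 4, 5)),
    (None, (13, 3, 9)),
]

# Accepts "13.4.3", "13.4.3-ee", "v13.5.1"; anything after the patch
# number is ignored (assumption: suffixes do not change the patch level).
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-+.].*)?$")


def parse_version(text):
    """Return (major, minor, patch) or raise ValueError on unknown formats."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def affected_range(version_text):
    """Return the matching advisory range as text, or None if outside all ranges."""
    version = parse_version(version_text)
    for lower, upper in AFFECTED_RANGES:
        if (lower is None or version >= lower) and version < upper:
            lower_text = ">=" + ".".join(map(str, lower)) + ", " if lower else ""
            return lower_text + "<" + ".".join(map(str, upper))
    return None


if __name__ == "__main__":
    # Constructed sample inventory; replace with the versions your instances report.
    for sample in ["13.5.1-ee", "13.5.2", "13.4.4", "13.3.9", "12.10.14", "v13.6.0-pre"]:
        hit = affected_range(sample)
        print(f"{sample:>12}  {'AFFECTED (' + hit + ')' if hit else 'not in an affected range'}")
```

A malformed version string raises `ValueError` rather than being silently reported as unaffected.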
