Unrated severityNVD Advisory· Published Mar 13, 2020· Updated Aug 4, 2024

CVE-2020-10073

Description

GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was internally discovered that a potential denial of service involving permissions checks could impact a project home page.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

GitLab EE 12.4.2 through 12.8.1 is vulnerable to a denial of service via permissions checks on the project home page.

Vulnerability

A denial of service vulnerability exists in GitLab EE versions 12.4.2 through 12.8.1. The issue is triggered by permissions checks performed when loading a project home page, leading to excessive resource consumption. The vulnerability was internally discovered and does not require any special configuration beyond a standard GitLab EE deployment [1].

Exploitation

An attacker with access to a project (e.g., any authenticated user) can cause a denial of service by repeatedly or specifically interacting with the project home page in a way that triggers the vulnerable permission checks. The exact sequence of steps has not been publicly disclosed, but the attack vector is network-based and requires no special privileges beyond being able to view the project [1].

Impact

Successful exploitation results in a denial of service, making the affected project home page unresponsive or slow for legitimate users. No data confidentiality or integrity is compromised; the impact is limited to availability [1].

Mitigation

The vulnerability is fixed in GitLab EE version 12.8.2, released on 2020-03-04 [1]. Users should upgrade to this version or later. No workarounds have been provided by the vendor.

References

GitLab release notes | GitLab Docs

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

GitLab/GitLab EEdescription
GitLab Inc./CE/EEllm-fuzzy
Range: >=12.4.2, <=12.8.1
osv-coords
pkg:bitnami/gitlab
Range: >= 12.4.2, < 12.8.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/mitrex_refsource_MISC
about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.htmlmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000