PT-2019-11572 · Gitlab · Gitlab Ce/Ee+1
Rgupt
·
Publicado
2019-05-15
·
Atualizado
2019-05-16
·
CVE-2019-10109
CVSS v3.1
5.3
Média
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
GitLab Community and Enterprise Edition versions 11.7.8 and earlier, 11.8.x before 11.8.4, and 11.9.x before 11.9.2
GitLab Community and Enterprise Edition versions 11.7.10 and earlier, 11.8.x before 11.8.6, and 11.9.x before 11.9.4
Description:
An Information Exposure issue was discovered in GitLab Community and Enterprise Edition. EXIF geolocation data were not removed from images when uploaded to GitLab. As a result, anyone with access to the uploaded image could obtain its geolocation, device, and software version data (if present).
Recommendations:
For versions 11.7.8 and earlier, 11.8.x before 11.8.4, and 11.9.x before 11.9.2, update to version 11.7.8 or later, 11.8.4 or later, and 11.9.2 or later respectively.
For versions 11.7.10 and earlier, 11.8.x before 11.8.6, and 11.9.x before 11.9.4, update to version 11.7.10 or later, 11.8.6 or later, and 11.9.4 or later respectively.
Exploit
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Gitlab
Gitlab Ce/Ee