PT-2019-9866 · Gitlab · Gitlab Ce/Ee+1
Mark Chao · Published 2019-07-10 · Updated 2023-03-01 · CVE-2018-19583
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
GitLab CE/EE versions 8.0 up to 11.3.10
GitLab CE/EE versions 11.4 up to 11.4.7
GitLab CE/EE versions 11.5 up to 11.5.0
Description
The issue allows administrators with access to the logs to see another user's token, as access tokens are logged in the Workhorse logs.
Recommendations
For GitLab CE/EE versions 8.0 up to 11.3.10, update to version 11.3.11 or later.
For GitLab CE/EE versions 11.4 up to 11.4.7, update to version 11.4.8 or later.
For GitLab CE/EE versions 11.5 up to 11.5.0, update to version 11.5.1 or later.
Fix
Insertion into Log File
Weakness Enumeration
Related Identifiers
Affected Products
Gitlab
Gitlab Ce/Ee