PT-2023-11341 · Gitlab · Gitlab Ce/Ee+2

Publicado

2023-04-15

Atualizado

2023-04-25

CVE-2019-14942

CVSS v3.1

5.9

Média

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions GitLab Community and Enterprise Edition versions 11.11.8 and earlier, 12.0.6 and earlier, 12.1.6 and earlier

Description An issue was discovered in GitLab where cookies for GitLab Pages, which have access control, could be sent over cleartext HTTP.

Recommendations For GitLab Community and Enterprise Edition versions 11.11.8 and earlier, update to version 11.11.8 or later. For GitLab Community and Enterprise Edition versions 12.0.6 and earlier, update to version 12.0.6 or later. For GitLab Community and Enterprise Edition versions 12.1.6 and earlier, update to version 12.1.6 or later.

Correção

Cleartext Transmission of Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-319

Identificadores relacionados

CVE-2019-14942

Produtos afetados

Gitlab

Gitlab Ce/Ee

Gitlab Pages

PT-2023-11341 · Gitlab · Gitlab Ce/Ee+2

CVE-2019-14942

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9