Rgupt

Name of the Vulnerable Software and Affected Versions: GitLab Community and Enterprise Edition versions 11.7.8 and earlier, 11.8.x before 11.8.4, and 11.9.x before 11.9.2 GitLab Community and Enterprise Edition versions 11.7.10 and earlier, 11.8.x before 11.8.6, and 11.9.x before 11.9.4 Description: An Information Exposure issue was discovered in GitLab Community and Enterprise Edition. EXIF geolocation data were not removed from images when uploaded to GitLab. As a result, anyone with access to the uploaded image could obtain its geolocation, device, and software version data (if present). Recommendations: For versions 11.7.8 and earlier, 11.8.x before 11.8.4, and 11.9.x before 11.9.2, update to version 11.7.8 or later, 11.8.4 or later, and 11.9.2 or later respectively. For versions 11.7.10 and earlier, 11.8.x before 11.8.6, and 11.9.x before 11.9.4, update to version 11.7.10 or later, 11.8.6 or later, and 11.9.4 or later respectively.