PT-2019-14361 · Gitlab · Gitlab Ce/Ee+1

Jbroullon

Published

2019-09-16

Updated

2019-09-17

CVE-2019-15740

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions GitLab Community and Enterprise Edition versions 7.9 through 12.2.1

Description An issue was discovered where EXIF Geolocation data was not being removed from certain image uploads.

Recommendations For versions 7.9 through 12.2.1, consider removing EXIF data from image uploads manually until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2019-15740

Affected Products

Gitlab

Gitlab Ce/Ee

PT-2019-14361 · Gitlab · Gitlab Ce/Ee+1

CVE-2019-15740

Weakness Enumeration

Related Identifiers

Affected Products

References · 9