PT-2020-10134 · Gitlab · Gitlab Ce/Ee+1

Xanbanx

Published

2020-01-05

Updated

2020-01-10

CVE-2019-19314

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions GitLab EE versions 8.4 through 12.5 GitLab EE version 12.4.3 GitLab EE version 12.3.6

Description The issue concerns the storage of several tokens in plaintext.

Recommendations For GitLab EE versions 8.4 through 12.5, update to a version that does not store tokens in plaintext. For GitLab EE version 12.4.3, update to a version that does not store tokens in plaintext. For GitLab EE version 12.3.6, update to a version that does not store tokens in plaintext.

Fix

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-312

Related Identifiers

CVE-2019-19314

Affected Products

Gitlab

Gitlab Ce/Ee

PT-2020-10134 · Gitlab · Gitlab Ce/Ee+1

CVE-2019-19314

Weakness Enumeration

Related Identifiers

Affected Products

References · 5