PT-2020-12652 · Microsoft+1 · Nuget+2

Vakzz · Published 2020-04-22 · Updated 2024-03-06 · CVE-2020-11505

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

GitLab Community Edition (CE) versions 12.7.x through 12.7.8
GitLab Community Edition (CE) versions 12.8.x through 12.8.8
GitLab Community Edition (CE) versions 12.9.x through 12.9.2
GitLab Enterprise Edition (EE) versions 12.7.x through 12.7.8
GitLab Enterprise Edition (EE) versions 12.8.x through 12.8.8
GitLab Enterprise Edition (EE) versions 12.9.x through 12.9.2

Description

An issue in GitLab could lead to the exposure of sensitive information via request smuggling, potentially allowing NuGet package and file disclosure.

Recommendations

For GitLab Community Edition (CE) versions 12.7.x through 12.7.8, update to version 12.7.9 or later.
For GitLab Community Edition (CE) versions 12.8.x through 12.8.8, update to version 12.8.9 or later.
For GitLab Community Edition (CE) versions 12.9.x through 12.9.2, update to version 12.9.3 or later.
For GitLab Enterprise Edition (EE) versions 12.7.x through 12.7.8, update to version 12.7.9 or later.
For GitLab Enterprise Edition (EE) versions 12.8.x through 12.8.8, update to version 12.8.9 or later.
For GitLab Enterprise Edition (EE) versions 12.9.x through 12.9.2, update to version 12.9.3 or later.

Fix

HTTP Request/Response Smuggling

Weakness Enumeration

Related Identifiers

BIT-GITLAB-2020-11505
CVE-2020-11505

Affected Products

Gitlab
Gitlab Ce/Ee
Nuget