PT-2020-12653 · Gitlab · Gitlab
Manassehzhou · Published 2020-04-22 · Updated 2024-03-06 · CVE-2020-11506
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
GitLab versions 10.7.0 through 12.9.2
Description
A Workhorse bypass in GitLab, reachable via request smuggling, could lead to job artifact uploads and file disclosure, resulting in the exposure of sensitive information.
Recommendations
For GitLab versions 10.7.0 through 12.9.2, update to a version that contains a fix for this issue to prevent Workhorse bypass and potential file disclosure.
Fix
HTTP Request/Response Smuggling
Weakness Enumeration
Related Identifiers
Affected Products
Gitlab