CVE-2020-10955

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions GitLab EE/CE versions 11.1 through 12.9

Description The issue is related to parameter tampering on an upload feature, allowing unauthorized users to read content available under specific folders. This can lead to information disclosure, potentially enabling a remote attacker to access confidential data.

Recommendations For GitLab EE/CE versions 11.1 through 12.9, consider restricting access to the upload feature to minimize the risk of exploitation. As a temporary workaround, limit the ability for unauthorized users to read content from specific folders until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authorization

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862CWE-200

Related Identifiers

BDU:2020-03963

BIT-GITLAB-2020-10955

CVE-2020-10955

DSA-4691-1

Affected Products

Gitlab

Gitlab Ce/Ee

CVE-2020-10955

Weakness Enumeration

Related Identifiers

Affected Products

References · 10