PT-2023-11341 · Gitlab · Gitlab Ce/Ee+2

Published

2023-04-15

Updated

2023-04-25

CVE-2019-14942

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions GitLab Community and Enterprise Edition versions 11.11.8 and earlier, 12.0.6 and earlier, 12.1.6 and earlier

Description An issue was discovered in GitLab where cookies for GitLab Pages, which have access control, could be sent over cleartext HTTP.

Recommendations For GitLab Community and Enterprise Edition versions 11.11.8 and earlier, update to version 11.11.8 or later. For GitLab Community and Enterprise Edition versions 12.0.6 and earlier, update to version 12.0.6 or later. For GitLab Community and Enterprise Edition versions 12.1.6 and earlier, update to version 12.1.6 or later.

Fix

Cleartext Transmission of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-319

Related Identifiers

CVE-2019-14942

Affected Products

Gitlab

Gitlab Ce/Ee

Gitlab Pages

PT-2023-11341 · Gitlab · Gitlab Ce/Ee+2

CVE-2019-14942

Weakness Enumeration

Related Identifiers

Affected Products

References · 9