CVE-2020-10955

Опубликовано: 27 мар. 2020

Источник: debian

Описание

GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
gitlab	fixed	12.8.8-1	experimental	package
gitlab	fixed	13.2.3-2		package

Примечания

https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/

Связанные уязвимости

CVE-2020-10955

CVSS3: 6.5

ubuntu

около 5 лет назад

GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders.

CVE-2020-10955

CVSS3: 6.5

nvd

около 5 лет назад

GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders.

GHSA-4hq6-hm84-9r6r

CVSS3: 6.5

github

около 3 лет назад

GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders.

BDU:2020-03963

CVSS3: 6.5

fstec

около 5 лет назад

Уязвимость системы управления репозиториями кода Gitlab, связанная с раскрытием информации, позволяющая нарушителю получить доступ к конфиденциальным данным