CVE-2020-10087

Опубликовано: 13 мар. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user.

Ссылки

https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
Release Notes
Vendor Advisory
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html
Release Notes
Vendor Advisory
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
Release Notes
Vendor Advisory
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия до 12.8.1 (включая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия до 12.8.1 (включая)

EPSS

Процентиль: 24%

0.00077

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2020-10087

CVSS3: 7.5

ubuntu

больше 5 лет назад

GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user.

CVE-2020-10087

CVSS3: 7.5

debian

больше 5 лет назад

GitLab before 12.8.2 allows Information Disclosure. Badge images were ...

GHSA-qgvm-92m2-j87g

CVSS3: 7.5

github

около 3 лет назад

GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user.

EPSS

Процентиль: 24%

0.00077

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-Other