Описание
An issue was discovered in GitLab 10.7.0 and later through 12.9.2. A Workhorse bypass could lead to job artifact uploads and file disclosure (Exposure of Sensitive Information) via request smuggling.
Ссылки
- Release NotesVendor Advisory
- Vendor Advisory
- Release NotesVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 10.7.0 (включая) до 12.7.9 (исключая)Версия от 10.7.9 (включая) до 12.7.9 (исключая)Версия от 12.8.0 (включая) до 12.8.9 (исключая)Версия от 12.8.0 (включая) до 12.8.9 (исключая)Версия от 12.9.0 (включая) до 12.9.3 (исключая)Версия от 12.9.0 (включая) до 12.9.3 (исключая)
Одно из
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
EPSS
Процентиль: 21%
0.00067
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-444
Связанные уязвимости
CVSS3: 7.5
ubuntu
почти 6 лет назад
An issue was discovered in GitLab 10.7.0 and later through 12.9.2. A Workhorse bypass could lead to job artifact uploads and file disclosure (Exposure of Sensitive Information) via request smuggling.
CVSS3: 7.5
debian
почти 6 лет назад
An issue was discovered in GitLab 10.7.0 and later through 12.9.2. A W ...
github
больше 3 лет назад
An issue was discovered in GitLab 10.7.0 and later through 12.9.2. A Workhorse bypass could lead to job artifact uploads and file disclosure (Exposure of Sensitive Information) via request smuggling.
EPSS
Процентиль: 21%
0.00067
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-444