CVE-2020-10087

Published: Mar 13, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user.

Affected (2)

Products: Gitlab: Gitlab

Gitlab

1 product

Gitlab

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	Up to 12.8.1
Gitlab Gitlab	Up to 12.8.1

References (4)

https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/

Source: cve@mitre.org

Release NotesVendor Advisory

https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html

Source: cve@mitre.org

Release NotesVendor Advisory

https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.