Fwd: [CIAD-2020-0046] End of Life of Adobe Flash Player


End of Life of Adobe Flash Player

Severity Rating: Medium

Systems Affected:

· GitLab Enterprise Edition 11.3 and later

· GitLab Community Edition 11.3 and later

Overview

An Information Disclosure vulnerability has been reported in GitLab Enterprise Edition and GitLab Community Edition which can be exploited by a remote attacker to gain access to sensitive information.

Description

Information Disclosure Vulnerability (CVE-2020-15525)

This vulnerability exists in the Maven package upload endpoint due to incorrect access control. An attacker could use it to override restrictions in the access control. Successful exploitation of this vulnerability could result in the disclosure of the contents of the /tmp directory by the affected software.

Solution

Update to the latest versions of GitLab Community Edition and GitLab Enterprise Edition as given in the GitLab Security Release:

ab-13-1-3-released/

Vendor Information

GitLab

ab-13-1-3-released/

References

GitLab

ab-13-1-3-released/

NVD

CVEs

CVE-2020-15525
