Main Vulnerability Database Vulnerabilities #VU28334

Information disclosure in Gitlab Community Edition and GitLab Enterprise Edition - #VU28334

Published: May 29, 2020

Vulnerability identifier: #VU28334

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Gitlab Community Edition
GitLab Enterprise Edition

Software vendor:
GitLab, Inc

Description

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due Amazon EKS Credentials are disclosed to other administrators of an instance through HTML source code.

Install updates from vendor's website.