Information disclosure in Gitlab Community Edition and GitLab Enterprise Edition - #VU28334

 

Information disclosure in Gitlab Community Edition and GitLab Enterprise Edition - #VU28334

Published: May 29, 2020


Vulnerability identifier: #VU28334
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: GitLab, Inc
Affected software:
Gitlab Community Edition
GitLab Enterprise Edition

Detailed vulnerability description

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due Amazon EKS Credentials are disclosed to other administrators of an instance through HTML source code.


Remediation

Install updates from vendor's website.

Sources