Information disclosure in Gitlab Community Edition and GitLab Enterprise Edition - #VU28334
Published: May 29, 2020
Vulnerability identifier: #VU28334
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: GitLab, Inc
Affected software:
Gitlab Community Edition
GitLab Enterprise Edition
Gitlab Community Edition
GitLab Enterprise Edition
Detailed vulnerability description
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due Amazon EKS Credentials are disclosed to other administrators of an instance through HTML source code.
Remediation
Install updates from vendor's website.