End of Life of Adobe Flash Player

Severity Rating: Medium

Systems Affected:

· GitLab Enterprise Edition 11.3 and later

· GitLab Community Edition 11.3 and later

Overview

An Information Disclosure vulnerability has been reported in GitLab
Enterprise Edition and GitLab Community Edition which can be exploited by a
remote attacker to gain access to sensitive information.

Description

Information Disclosure Vulnerability (CVE-2020-15525)

This vulnerability exists in the Maven package upload endpoint due to
incorrect access control. An attacker could use it to override restrictions
in the access control. Successful exploitation of this vulnerability could
result in the disclosure of contents of the /tmp directory by the affected
software.

Solution

Update to the latest versions of GitLab Community Edition and GitLab
Enterprise Edition as given in the GitLab Security Release:
ab-13-1-3-released/

Vendor Information

GitLab

ab-13-1-3-released/

References

GitLab

ab-13-1-3-released/

NVD


CVEs

CVE-2020-15525

About Cert Advisory

We have created this blog to provide the latest security advisories from the India CERT for security vulnerabilities, threats, attacks and the patching required to mitigate any kind of cyber attack.
