CVE-2019-10109Sensitive Information Exposure in Gitlab

CWE-200Sensitive Information Exposure5 documents5 sources
Severity
5.3MEDIUMNVD
EPSS
0.1%
top 66.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GitlabDebian Gitlab
Timeline
PublishedMay 15
Latest updateMay 24

Description

An Information Exposure issue (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. EXIF geolocation data were not removed from images when uploaded to GitLab. As a result, anyone with access to the uploaded image could obtain its geolocation, device, and software version data (if present).

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

NVDgitlab/gitlab11.8.011.8.4+2
debiandebian/gitlab< gitlab 11.8.6+dfsg-1 (sid)
gitlabgitlab/gitlab

🔴Vulnerability Details

2
GHSA
GHSA-54h4-gjc6-h34h: An Information Exposure issue (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 112022-05-24
OSV
CVE-2019-10109: An Information Exposure issue (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 112019-05-15

📋Vendor Advisories

2
GitLab
CVE-2019-10109: An Information Exposure issue (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x2019-05-15
Debian
CVE-2019-10109: gitlab - An Information Exposure issue (issue 1 of 2) was discovered in GitLab Community ...2019