CVE-2020-10086 — Path Traversal in Gitlab

CWE-22 — Path Traversal6 documents5 sources

Severity

5.3MEDIUMNVD

EPSS

0.0%

top 85.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Gitlab Gitlab

Timeline

PublishedMar 13

Latest updateMay 24

Description

GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular endpoint was vulnerable to a directory traversal vulnerability, leading to arbitrary file read.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

▶debiandebian/gitlab< gitlab 12.6.8-3 (sid)

▶NVDgitlab/gitlab10.4.0 — 12.8.1

▶gitlabgitlab/gitlab

🔴Vulnerability Details

GHSA

GHSA-jg7j-6r85-5w9p: GitLab 10↗2022-05-24

▶

📋Vendor Advisories

Oracle

Oracle Oracle Database Server Risk Matrix: Spatial Studio (Apache Commons Beanutils) — CVE-2019-10086↗2020-07-15

▶

Oracle

Oracle Oracle Construction and Engineering Risk Matrix: Admin (Apache Commons Beanutils) — CVE-2019-10086↗2020-04-15

▶

GitLab

CVE-2020-10086: GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular endpoint was vulnerable to a directory traversal vulnerability, leading to arbitra↗2020-03-13

▶

Debian

CVE-2020-10086: gitlab - GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular endpoint was...↗2020

▶