CVE-2020-10087
Published 2020-03-13
CVE-2020-10087: GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of…
Priority P3 · 38 · high · 7.5 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.17% (63.6th percentile)
GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 12.6.8-3 (sid) | gitlab 12.6.8-3 (sid) |
| gitlab | gitlab | <= 12.8.1 | — |
| gitlab | gitlab | — | — |
CVSS provenance
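| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |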
GitLab
vendor_gitlab·2020-03-13·CVSS 7.5
CVE-2020-10087 [HIGH] CVE-2020-10087: GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP addr
CVE-2020-10087: GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user.
Debian
vendor_debian·2020·CVSS 7.5
CVE-2020-10087 [HIGH] CVE-2020-10087: gitlab - GitLab before 12.8.2 allows Information Disclosure. Badge images were not being ...
GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user.
Scope: local
sid: resolved (fixed in 12.6.8-3)
GHSA
ghsa_unreviewed·2022-05-24
CVE-2020-10087 [MEDIUM] CWE-200 GHSA-qgvm-92m2-j87g: GitLab before 12
GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user.
OSV
osv·2020-03-13·CVSS 7.5
CVE-2020-10087 [HIGH] CVE-2020-10087: GitLab before 12
GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html
Published: 2020-03-13