Design/Logic Flaw

2020-02-0517:15:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.5%

An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhorse bypass could lead to package and file disclosure via request smuggling.

CPENameOperatorVersion
gitlabge12.6.0
gitlablt12.6.6
gitlabge12.7.2
gitlablt12.7.4
gitlabge11.3.0
gitlablt12.5.9

Name	Operator	Version
gitlab	ge	12.6.0
gitlab	lt	12.6.6
gitlab	ge	12.7.2
gitlab	lt	12.7.4
gitlab	ge	11.3.0
gitlab	lt	12.5.9

References

about.gitlab.com/blog/categories/releases/

about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/