An Information Exposure issue (issue 1 of 2) exists in GitLab Community and Enterprise Edition prior to 11.7.8, 11.8.x prior to 11.8.4, and 11.9.x prior to 11.9.2. EXIF geolocation data were not removed from images when uploaded to GitLab. As a result, anyone with access to the uploaded image could obtain its geolocation, device, and software version data (if present).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gitlab gitlab |