CVE-2020-11505

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-11505

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-11505.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-11505

Aliases

BIT-gitlab-2020-11505

Related

CGA-9g2m-7cqq-4w23

Published

2020-04-22T20:15:11.327Z

Modified

2026-02-09T07:36:02.317994Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 12.7.9, 12.8.x before 12.8.9, and 12.9.x before 12.9.3. A Workhorse bypass could lead to NuGet package and file disclosure (Exposure of Sensitive Information) via request smuggling.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Fixed

653aeeabba2ac7b5510af3901d1e684436ca901c

Introduced

073a4ba8016203c9e48595afd3ddea430d9420a3

Fixed

7c13691fb8ee04fc566782d3aa3e84b447a85edc

Introduced

0bd32f788647bb832f3d9eb5746cbda5300e0fa2

Fixed

bdf986aa14379fc3e5981b186320cc23f0ab31a9

Affected versions

v12.*

v12.8.0-ee

v12.8.1-ee

v12.8.2-ee

v12.8.3-ee

v12.8.4-ee

v12.8.5-ee

v12.8.6-ee

v12.8.7-ee

v12.8.8-ee

v12.9.0-ee

v12.9.1-ee

v12.9.2-ee

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-11505.json"