FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Gitlab -- multiple vulnerabilities

Affected packages
11.3.0 <= gitlab-ce < 11.3.1
11.2.0 <= gitlab-ce < 11.2.4
7.6.0 <= gitlab-ce < 11.1.7

Details

VuXML ID 065b3b72-c5ab-11e8-9ae2-001b217b3468
Discovery 2018-10-01
Entry 2018-10-01

Gitlab reports:

SSRF GCP access token disclosure

Persistent XSS on issue details

Diff formatter DoS in Sidekiq jobs

Confidential information disclosure in events API endpoint

validate_localhost function in url_blocker.rb could be bypassed

Slack integration CSRF Oauth2

GRPC::Unknown logging token disclosure

IDOR merge request approvals

Persistent XSS package.json

Persistent XSS merge request project import

[source]

References

CVE Name CVE-2018-15472
CVE Name CVE-2018-17449
CVE Name CVE-2018-17450
CVE Name CVE-2018-17451
CVE Name CVE-2018-17452
CVE Name CVE-2018-17453
CVE Name CVE-2018-17454
CVE Name CVE-2018-17455
CVE Name CVE-2018-17536
CVE Name CVE-2018-17537
URL https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.