FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Gitlab -- Multiple Vulnerabilities

Affected packages
13.1.0 <= gitlab-ce < 13.1.2
13.0.0 <= gitlab-ce < 13.0.8
0 <= gitlab-ce < 12.10.13

Details

VuXML ID 0a305431-bc98-11ea-a051-001b217b3468
Discovery 2020-07-01
Entry 2020-07-02

Gitlab reports:

Missing Permission Check on Time Tracking

Cross-Site Scripting in PyPi Files API

Insecure Authorization Check on Private Project Security Dashboard

Cross-Site Scripting in References

Cross-Site Scripting in Group Names

Cross-Site Scripting in Blob Viewer

Cross-Site Scripting in Error Tracking

Insecure Authorisation Check on Creation and Deletion of Deploy Tokens

User Name Format Restiction Bypass

Denial of Service in Issue Comments

Cross-Site Scripting in Wiki Pages

Private Merge Request Updates Leaked via Todos

Private User Activity Leaked via API

Cross-Site Scripting in Bitbucket Import Feature

Github Project Restriction Bypass

Update PCRE Dependency

Update Kaminari Gem

Cross-Site Scripting in User Profile

Update Xterm.js

References

CVE Name CVE-2019-0542
CVE Name CVE-2020-11082
CVE Name CVE-2020-14155
URL https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release/