FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Gitlab -- multiple vulnerabilities

Affected packages
11.4.0 <= gitlab-ce < 11.4.3
11.3.0 <= gitlab-ce < 11.3.8
5.3.0 <= gitlab-ce < 11.2.7

Details

VuXML ID b9591212-dba7-11e8-9416-001b217b3468
Discovery 2018-10-29
Entry 2018-10-29

Gitlab reports:

RCE in Gitlab Wiki API

SSRF in Hipchat integration

Cleartext storage of personal access tokens

Information exposure through stack trace error message

Persistent XSS autocomplete

Information exposure in stored browser history

Information exposure when replying to issues through email

Persistent XSS in License Management and Security Reports

Metrics information disclosure in Prometheus integration

Unauthorized changes to a protected branch's access levels

References

CVE Name CVE-2018-18640
CVE Name CVE-2018-18641
CVE Name CVE-2018-18642
CVE Name CVE-2018-18643
CVE Name CVE-2018-18644
CVE Name CVE-2018-18645
CVE Name CVE-2018-18646
CVE Name CVE-2018-18647
CVE Name CVE-2018-18648
CVE Name CVE-2018-18649
URL https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/