FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

GitLab -- multiple vulnerabilities

Affected packages
10.6.0 <= gitlab < 10.6.3
10.5.0 <= gitlab < 10.5.7
8.6 <= gitlab < 10.4.7

Details

VuXML ID 085a087b-3897-11e8-ac53-d8cb8abf62dd
Discovery 2018-04-04
Entry 2018-04-05

GitLab reports:

Confidential issue comments in Slack, Mattermost, and webhook integrations.

Persistent XSS in milestones data-milestone-id.

Persistent XSS in filename of merge request.

References

URL https://about.gitlab.com/2018/04/04/security-release-gitlab-10-dot-6-dot-3-released/