FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

GitLab -- Multiple vulnerabilities

Affected packages
13.10.0 <= gitlab-ce < 13.10.1
13.9.0 <= gitlab-ce < 13.9.5
9 <= gitlab-ce < 13.8.7

Details

VuXML ID 56abf87b-96ad-11eb-a218-001b217b3468
Discovery 2021-03-31
Entry 2021-04-06

GitLab reports:

Arbitrary File Read During Project Import

Kroki Arbitrary File Read/Write

Stored Cross-Site-Scripting in merge requests

Access data of an internal project through a public project fork as an anonymous user

Incident metric images can be deleted by any user

Infinite Loop When a User Access a Merge Request

Stored XSS in scoped labels

Admin CSRF in System Hooks Execution Through API

Update OpenSSL dependency

Update PostgreSQL dependency

References

URL https://about.gitlab.com/releases/2021/03/31/security-release-gitlab-13-10-1-released/