FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Gitlab -- multiple vulnerabilities

Affected packages
11.2.0 <= gitlab-ce < 11.2.3
11.1.0 <= gitlab-ce < 11.1.6
2.7.0 <= gitlab-ce < 11.0.6

Details

VuXML ID ffeb25d0-ac94-11e8-ab15-d8cb8abf62dd
Discovery 2018-08-28
Entry 2018-08-30

Gitlab reports:

Persistent XSS in Pipeline Tooltip

GitLab.com GCP Endpoints Exposure

Persistent XSS in Merge Request Changes View

Sensitive Data Disclosure in Sidekiq Logs

Missing CSRF in System Hooks

Orphaned Upload Files Exposure

Missing Authorization Control API Repository Storage

[source]

References

URL https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.