[FREEBSD:A2A2B34D-52B4-11EB-87CB-001B217B3468] Gitlab -- multiple vulnerabilities
Severity: High
Affected Packages: 1
CVEs: 3
Gitlab reports:
- Ability to steal a user's API access token through GitLab Pages
- Prometheus denial of service via HTTP request with custom method
- Unauthorized user is able to access private repository information under specific conditions
- Regular expression denial of service in NuGet API
- Regular expression denial of service in package uploads
- Update curl dependency
- CVE-2019-3881 mitigation
Package | Affected Version |
---|---|
pkg:freebsd/gitlab-ce | < 13.7.2 |
- ID: FREEBSD:A2A2B34D-52B4-11EB-87CB-001B217B3468
- Severity: high
- Severity from: CVE-2019-3881
- URL: http://vuxml.freebsd.org/freebsd/a2a2b34d-52b4-11eb-87cb-001b217b3468.html
- Published: 2021-01-07T00:00:00 (3 years ago)
- Modified: 2021-01-09T00:00:00 (3 years ago)
- Rights: FreeBSD VuXML Security Team

Other Advisories
Source | # ID | Name | URL |
---|---|---|---|
FreeBSD VuXML | | | https://about.gitlab.com/releases/2021/01/07/security-release-gitlab-13-7-2-released/ |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:freebsd/gitlab-ce | | gitlab-ce | < 13.7.2 | | | |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Publication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|