[FREEBSD:B17C86B9-E52E-11E9-86E9-001B217B3468] Gitlab -- Multiple Vulnerabilities
Severity: Medium
Affected Packages: 1
CVEs: 1
SO-AND-SO reports:
- XSS in Markdown Preview Using Mermaid
- Bypass Email Verification using Salesforce Authentication
- Account Takeover using SAML
- Uncontrolled Resource Consumption in Markdown using Mermaid
- Disclosure of Private Project Path and Labels
- Disclosure of Assignees via Milestones
- Disclosure of Project Path via Unsubscribe Link
- Disclosure of Project Milestones via Groups
- Disclosure of Private System Notes via GraphQL
- GIT Command Injection via API
- Bypass User Blocking via CI/CD token
- IDOR Adding Groups to Protected Environments
- Disclosure of Group Membership via Merge Request Approval Rules
- Disclosure of Head Pipeline via Blocking Merge Request Feature
- Grafana update
Package | Affected Version |
---|---|
pkg:freebsd/gitlab-ce | < 12.3.2 |
- ID: FREEBSD:B17C86B9-E52E-11E9-86E9-001B217B3468
- Severity: medium
- Severity from: CVE-2019-19039
- URL: http://vuxml.freebsd.org/freebsd/b17c86b9-e52e-11e9-86e9-001b217b3468.html
- Published: 2019-09-30T00:00:00
- Modified: 2019-10-02T00:00:00
- Rights: FreeBSD VuXML Security Team
- Other Advisories:
Source | # ID | Name | URL |
---|---|---|---|
FreeBSD VuXML | | | https://about.gitlab.com/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:freebsd/gitlab-ce | | gitlab-ce | < 12.3.2 | | | |