[FREEBSD:B17C86B9-E52E-11E9-86E9-001B217B3468] Gitlab -- Multiple Vulnerabilities

Severity Medium
Affected Packages 1
CVEs 1

SO-AND-SO reports:

  XSS in Markdown Preview Using Mermaid
  Bypass Email Verification using Salesforce Authentication
  Account Takeover using SAML
  Uncontrolled Resource Consumption in Markdown using Mermaid
  Disclosure of Private Project Path and Labels
  Disclosure of Assignees via Milestones
  Disclosure of Project Path via Unsubscribe Link
  Disclosure of Project Milestones via Groups
  Disclosure of Private System Notes via GraphQL
  GIT Command Injection via API
  Bypass User Blocking via CI/CD token
  IDOR Adding Groups to Protected Environments
  Disclosure of Group Membership via Merge Request Approval Rules
  Disclosure of Head Pipeline via Blocking Merge Request Feature
  Grafana update
Package: pkg:freebsd/gitlab-ce
Affected Version: < 12.3.2
ID: FREEBSD:B17C86B9-E52E-11E9-86E9-001B217B3468
Severity: medium
Severity from: CVE-2019-19039
URL: http://vuxml.freebsd.org/freebsd/b17c86b9-e52e-11e9-86e9-001b217b3468.html
Published: 2019-09-30T00:00:00
Modified: 2019-10-02T00:00:00
Rights: FreeBSD VuXML Security Team
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:freebsd/gitlab-ce gitlab-ce < 12.3.2