[FREEBSD:DA459DBC-5586-11E9-ABD6-001B217B3468] Gitlab -- Multiple vulnerabilities
Severity
High
Affected Packages
1
CVEs
12
Gitlab reports:
DoS potential for regex in CI/CD refs
Related branches visible in issues for guests
Persistent XSS at merge request resolve conflicts
Improper authorization control "move issue"
Guest users of private projects have access to releases
DoS potential on project languages page
Recurity assessment: information exposure through timing discrepancy
Recurity assessment: loginState HMAC issues
Recurity assessment: open redirect
PDF.js vulnerable to CVE-2018-5158
IDOR labels of private projects/groups
EXIF geolocation data not stripped from uploaded images
Package | Affected Version |
---|---|
pkg:freebsd/gitlab-ce | < 11.9.4 |
- ID
- FREEBSD:DA459DBC-5586-11E9-ABD6-001B217B3468
- Severity
- high
- Severity from
- CVE-2018-5158
- URL
- http://vuxml.freebsd.org/freebsd/da459dbc-5586-11e9-abd6-001b217b3468.html
- Published
-
2019-04-01T00:00:00
(5 years ago) - Modified
-
2019-04-02T00:00:00
(5 years ago) - Rights
- FreeBSD VuXML Security Team
- Other Advisories
-
- ASA-201805-10
- DSA-4199-1
- ELSA-2018-1414
- ELSA-2018-1415
- FREEBSD:5AEFC41E-D304-4EC8-8C82-824F84F08244
- GLSA-201810-01
- MFSA-2018-11
- MFSA-2018-12
- NPM:GHSA-7JG2-JGV3-FMR4
- RHSA-2018:1414
- RHSA-2018:1415
- SUSE-SU-2018:1319-1
- SUSE-SU-2018:1334-1
- SUSE-SU-2018:1334-2
- SUSE-SU-2018:2298-1
- SUSE-SU-2019:2872-1
- USN-3645-1
Source | # ID | Name | URL |
---|---|---|---|
FreeBSD VuXML | https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/ |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:freebsd/gitlab-ce | gitlab-ce | < 11.9.4 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |