FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Gitlab -- Multiple Vulnerabilities

Affected packages
11.11.0 <= gitlab-ce < 11.11.1
11.10.0 <= gitlab-ce < 11.10.5
6.8.0 <= gitlab-ce < 11.9.12

Details

VuXML ID 4091069e-860b-11e9-a05f-001b217b3468
Discovery 2019-06-03
Entry 2019-06-03

Gitlab reports:

Remote Command Execution Vulnerability on Repository Download Feature

Confidential Issue Titles Revealed to Restricted Users on Unsubscribe

Disclosure of Milestone Metadata through the Search API

Private Project Discovery via Comment Links

Metadata of Confidential Issues Disclosed to Restricted Users

Mandatory External Authentication Provider Sign-In Restrictions Bypass

Internal Projects Allowed to Be Created on in Private Groups

Server-Side Request Forgery Through DNS Rebinding

Stored Cross-Site Scripting on Wiki Pages

Stored Cross-Site Scripting on Notes

Repository Password Disclosed on Import Error Page

Protected Branches Restriction Rules Bypass

Stored Cross-Site Scripting Vulnerability on Child Epics

References

CVE Name CVE-2019-12428
CVE Name CVE-2019-12429
CVE Name CVE-2019-12430
CVE Name CVE-2019-12431
CVE Name CVE-2019-12432
CVE Name CVE-2019-12433
CVE Name CVE-2019-12434
CVE Name CVE-2019-12441
CVE Name CVE-2019-12442
CVE Name CVE-2019-12443
CVE Name CVE-2019-12444
CVE Name CVE-2019-12445
CVE Name CVE-2019-12446
URL https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/