FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

GitLab -- multiple vulnerabilities

Affected packages
11.0.0 <= gitlab < 11.0.1
10.8.0 <= gitlab < 10.8.5
4.1 <= gitlab < 10.7.6

Details

VuXML ID b950a83b-789e-11e8-8545-d8cb8abf62dd
Discovery 2018-06-25
Entry 2018-06-25

GitLab reports:

Wiki XSS

Sanitize gem updates

XSS in url_for(params)

Content injection via username

Activity feed publicly displaying internal project names

Persistent XSS in charts

References

CVE Name CVE-2018-12605
CVE Name CVE-2018-12606
CVE Name CVE-2018-12607
CVE Name CVE-2018-3740
URL https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/