FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Gitlab -- Multiple Vulnerabilities

Affected packages
13.8.0 <= gitlab-ce < 13.8.4
13.7.0 <= gitlab-ce < 13.7.7
10.5 <= gitlab-ce < 13.6.7

Details

VuXML ID 1020d401-6d2d-11eb-ab0b-001b217b3468
Discovery 2021-02-11
Entry 2021-02-12

Gitlab reports:

Improper Certificate Validation for Fortinet OTP

Denial of Service Attack on gitlab-shell

Resource exhaustion due to pending jobs

Confidential issue titles were exposed

Improper access control allowed demoted project members to access authored merge requests

Improper access control allowed unauthorized users to access analytic pages

Unauthenticated CI lint API may lead to information disclosure and SSRF

Prometheus integration in Gitlab may lead to SSRF

References

URL https://about.gitlab.com/releases/2021/02/11/security-release-gitlab-13-8-4-released/