FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Gitlab -- Multiple vulnerabilities

Affected packages
11.7.0 <= gitlab-ce < 11.7.3
11.6.0 <= gitlab-ce < 11.6.8
0.0.0 <= gitlab-ce < 11.5.10


VuXML ID 467b7cbe-257d-11e9-8573-001b217b3468
Discovery 2019-01-31
Entry 2019-01-31

Gitlab reports:

Remote Command Execution via GitLab Pages

Covert Redirect to Steal GitHub/Bitbucket Tokens

Remote Mirror Branches Leaked by Git Transfer Refs

Denial of Service with Markdown

Guests Can View List of Group Merge Requests

Guest Can View Merge Request Titles via System Notes

Persistent XSS via KaTeX

Emails Sent to Unauthorized Users

Hyperlink Injection in Notification Emails

Unauthorized Access to LFS Objects

Trigger Token Exposure

Upgrade Rails to and 4.2.11

Contributed Project Information Visible in Private Profile

Imported Project Retains Prior Visibility Setting

Error disclosure on Project Import

Persistent XSS in User Status

Last Commit Status Leaked to Guest Users

Mitigations for IDN Homograph and RTLO Attacks

Access to Internal Wiki When External Wiki Enabled

User Can Comment on Locked Project Issues

Unauthorized Reaction Emojis by Guest Users

User Retains Project Role After Removal from Private Group

GitHub Token Leaked to Maintainers

Unauthenticated Blind SSRF in Jira Integration

Unauthorized Access to Group Membership

Validate SAML Response in Group SAML SSO


CVE Name CVE-2018-16476
CVE Name CVE-2019-6781
CVE Name CVE-2019-6782
CVE Name CVE-2019-6783
CVE Name CVE-2019-6784
CVE Name CVE-2019-6785
CVE Name CVE-2019-6786
CVE Name CVE-2019-6787
CVE Name CVE-2019-6788
CVE Name CVE-2019-6789
CVE Name CVE-2019-6790
CVE Name CVE-2019-6791
CVE Name CVE-2019-6792
CVE Name CVE-2019-6793
CVE Name CVE-2019-6794
CVE Name CVE-2019-6795
CVE Name CVE-2019-6796
CVE Name CVE-2019-6797
CVE Name CVE-2019-6960
CVE Name CVE-2019-6995
CVE Name CVE-2019-6996
CVE Name CVE-2019-6997
CVE Name CVE-2019-7155
CVE Name CVE-2019-7176