FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Gitlab -- Multiple vulnerabilities

Affected packages
13.6.0 <= gitlab-ce < 13.6.2
13.5.0 <= gitlab-ce < 13.5.5
12.2 <= gitlab-ce < 13.4.9

Details

VuXML ID 5d5e5cda-38e6-11eb-bbbf-001b217b3468
Discovery 2020-12-07
Entry 2020-12-07

Gitlab reports:

XSS in Zoom Meeting URL

Limited Information Disclosure in Private Profile

User email exposed via GraphQL endpoint

Group and project membership potentially exposed via GraphQL

Search terms logged in search parameter in rails logs

Un-authorised access to feature flag user list

A specific query on the explore page causes statement timeouts

Exposure of starred projects on private user profiles

Uncontrolled Resource Consumption in any Markdown field using Mermaid

Former group members able to view updates to confidential epics

Update GraphicsMagick dependency

Update GnuPG dependency

Update libxml dependency

References

CVE Name CVE-2020-13357
CVE Name CVE-2020-26407
CVE Name CVE-2020-26408
CVE Name CVE-2020-26409
CVE Name CVE-2020-26411
URL https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/