FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Gitlab -- Multiple Vulnerabilities

Affected packages
13.0.0 <= gitlab-ce < 13.0.1
12.10.0 <= gitlab-ce < 12.10.7
12.9.0 <= gitlab-ce < 12.9.8

Details

VuXML ID 69cf62a8-a0aa-11ea-9ea5-001b217b3468
Discovery 2020-05-27
Entry 2020-05-28

Gitlab reports:

User Email Verification Bypass

OAuth Flow Missing Email Verification Checks

Notification Email Verification Bypass

Undisclosed Vulnerability on a Third-Party Rendering Engine

Group Sign-Up Restriction Bypass

Mirror Project Owner Impersonation

Missing Permission Check on Fork Relation Creation

Cross-Site Scripting in Repository Files API

Kubernetes Cluster Token Disclosure

Object Storage File Enumeration

Insecure Authorization Check on Project Deploy Keys

Cross-Site Scripting on Metrics Dashboard

Denial of Service on Custom Dashboards

Client-Side Code Injection through Mermaid Markup

Cross-Site Scripting on Static Site Editor

Disclosure of Amazon EKS Credentials

Denial of Service on Workhorse

References

URL https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/