FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

GitLab -- Multiple Vulnerabilities

Affected packages
12.3.0 <= gitlab-ce < 12.3.2
12.2.0 <= gitlab-ce < 12.2.6
7.12.0 <= gitlab-ce < 12.1.12

Details

VuXML ID b17c86b9-e52e-11e9-86e9-001b217b3468
Discovery 2019-09-30
Entry 2019-10-02

SO-AND-SO reports:

XSS in Markdown Preview Using Mermaid

Bypass Email Verification using Salesforce Authentication

Account Takeover using SAML

Uncontrolled Resource Consumption in Markdown using Mermaid

Disclosure of Private Project Path and Labels

Disclosure of Assignees via Milestones

Disclosure of Project Path via Unsubscribe Link

Disclosure of Project Milestones via Groups

Disclosure of Private System Notes via GraphQL

GIT Command Injection via API

Bypass User Blocking via CI/CD token

IDOR Adding Groups to Protected Environments

Disclosure of Group Membership via Merge Request Approval Rules

Disclosure of Head Pipeline via Blocking Merge Request Feature

Grafana update

References

CVE Name CVE-2019-19039
URL https://about.gitlab.com/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/