FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Gitlab -- Multiple vulnerabilities

Affected packages
11.6.0 <= gitlab-ce < 11.6.1
11.5.0 <= gitlab-ce < 11.5.6
8.0.0 <= gitlab-ce < 11.4.13

Details

VuXML ID: b2f4ab91-0e6b-11e9-8700-001b217b3468
Discovery: 2018-12-31
Entry: 2019-01-02

Gitlab reports:

Source code disclosure merge request diff
Todos improper access control
URL rel attribute not set
Persistent XSS Autocompletion
SSRF repository mirroring
CI job token LFS error message disclosure
Secret CI variable exposure
Guest user CI job disclosure
Persistent XSS label reference
Persistent XSS wiki in IE browser
SSRF in project imports with LFS
Improper access control CI/CD settings
Missing authorization control merge requests
Improper access control branches and tags
Missing authentication for Prometheus alert endpoint

References

CVE Name: CVE-2018-20488
CVE Name: CVE-2018-20489
CVE Name: CVE-2018-20490
CVE Name: CVE-2018-20491
CVE Name: CVE-2018-20492
CVE Name: CVE-2018-20493
CVE Name: CVE-2018-20494
CVE Name: CVE-2018-20495
CVE Name: CVE-2018-20496
CVE Name: CVE-2018-20497
CVE Name: CVE-2018-20498
CVE Name: CVE-2018-20499
CVE Name: CVE-2018-20500
CVE Name: CVE-2018-20501
CVE Name: CVE-2018-20507
URL: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/