FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Gitlab -- multiple vulnerabilities

Affected packages
10.5.0 <= gitlab < 10.5.6
10.4.0 <= gitlab < 10.4.6
8.3 <= gitlab < 10.3.9

Details

VuXML ID dc0c201c-31da-11e8-ac53-d8cb8abf62dd
Discovery 2018-03-20
Entry 2018-03-27
Modified 2018-04-07

GitLab reports:

SSRF in services and web hooks

There were multiple server-side request forgery issues in the Services feature. An attacker could make requests to servers within the same network of the GitLab instance. This could lead to information disclosure, authentication bypass, or potentially code execution. This issue has been assigned CVE-2018-8801.

Gitlab Auth0 integration issue

There was an issue with the GitLab omniauth-auth0 configuration which resulted in the Auth0 integration signing in the wrong users.

References

CVE Name CVE-2018-8801
URL https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/