FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Gitlab -- Multiple Vulnerabilities

Affected packages
12.10.0 <= gitlab-ce < 12.10.2
12.9.0 <= gitlab-ce < 12.9.5
8.4.0 <= gitlab-ce < 12.8.10

Details

VuXML ID e8483115-8b8e-11ea-bdcf-001b217b3468
Discovery 2020-04-30
Entry 2020-05-01

Gitlab reports:

Path Traversal in NuGet Package Registry

Workhorse Bypass Leads to File Disclosure

OAuth Application Client Secrets Revealed

Code Owners Approval Rules Are Not Updated for Existing Merge Requests When Source Branch Changes

Code Owners Protection Not Enforced from Web UI

Repository Mirror Passwords Exposed To Maintainers

Admin Audit Log Page Denial of Service

Private Project ID Revealed Through Group API

Elasticsearch Credentials Logged to ELK

GitHub Personal Access Token Exposed on Integrations Page

Update Nokogiri dependency

Update OpenSSL Dependency

Update git

References

CVE Name CVE-2020-10187
CVE Name CVE-2020-11008
CVE Name CVE-2020-12448
CVE Name CVE-2020-1967
CVE Name CVE-2020-7595
URL https://about.gitlab.com/releases/2020/04/30/security-release-12-10-2-released/