FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

GitLab -- Multiple Vulnerabilities

Affected packages
12.6.0 <= gitlab-ce < 12.6.2
12.5.0 <= gitlab-ce < 12.5.6
5.1.0 <= gitlab-ce < 12.4.7

Details

VuXML ID 01bde18a-2e09-11ea-a935-001b217b3468
Discovery 2020-01-02
Entry 2020-01-03

SO-AND-SO reports:

Group Maintainers Can Update/Delete Group Runners Using API

GraphQL Queries Can Hang the Application

Unauthorized Users Have Access to Milestones of Releases

Private Group Name Revealed Through Protected Tags API

Users Can Publish Reviews on Locked Merge Requests

DoS in the Issue and Commit Comments Pages

Project Name Disclosed Through Unsubscribe Link

Private Project Name Disclosed Through Notification Settings

References

CVE Name CVE-2019-20142
CVE Name CVE-2019-20143
CVE Name CVE-2019-20144
CVE Name CVE-2019-20145
CVE Name CVE-2019-20146
CVE Name CVE-2019-20147
CVE Name CVE-2019-20148
CVE Name CVE-2020-5197
URL https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/