FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Gitlab -- Multiple Vulnerabilities

Affected packages
12.0.0 <= gitlab-ce < 12.0.3
11.11.0 <= gitlab-ce < 11.11.5
8.3.0 <= gitlab-ce < 11.10.8

Details

VuXML ID 4ea507d1-9da8-11e9-a759-001b217b3468
Discovery 2019-07-03
Entry 2019-07-03

Gitlab reports:

Ability to Write a Note to a Private Snippet

Recent Pipeline Information Disclosed to Unauthorised Users

Resource Exhaustion Attack

Error Caused by Encoded Characters in Comments

Authorization Issues in GraphQL

Number of Merge Requests was Accessible

Enabling One of the Service Templates Could Cause Resource Depletion

Broken Access Control for the Content of Personal Snippets

Decoding Color Codes Caused Resource Depletion

Merge Request Template Name Disclosure

SSRF Vulnerability in Project GitHub Integration

References

CVE Name CVE-2019-13001
CVE Name CVE-2019-13002
CVE Name CVE-2019-13003
CVE Name CVE-2019-13004
CVE Name CVE-2019-13005
CVE Name CVE-2019-13006
CVE Name CVE-2019-13007
CVE Name CVE-2019-13009
CVE Name CVE-2019-13010
CVE Name CVE-2019-13011
CVE Name CVE-2019-13121
URL https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/