FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Gitlab -- Multiple vulnerabilities

Affected packages
11.5.0 <= gitlab-ce < 11.5.1
11.4.0 <= gitlab-ce < 11.4.8
0 <= gitlab-ce < 11.3.11

Details

VuXML ID 8a4aba2d-f33e-11e8-9416-001b217b3468
Discovery 2018-11-28
Entry 2018-11-28

Gitlab reports:

View Names of Private Groups

Persistent XSS in Environments

SSRF in Prometheus integration

Unauthorized Promotion of Milestones

Exposure of Confidential Issue Title

Persisent XSS in Markdown Fields via Mermaid Script

Persistent XSS in Markdown Fields via Unrecognized HTML Tags

Symlink Race Condition in Pages

Unauthorized Changes by Guest User in Issues

Unauthorized Comments on Locked Issues

Improper Enforcement of Token Scope

CRLF Injection in Project Mirroring

XSS in OAuth Authorization

SSRF in Webhooks

Send Email on Email Address Change

Workhorse Logs Contained Tokens

Unauthorized Publishing of Draft Comments

Guest Can Set Weight of a New Issue

Disclosure of Private Group's Members and Milestones

Persisent XSS in Operations

Reporter Can View Operations Page

[source]

References

CVE Name CVE-2018-19493
CVE Name CVE-2018-19494
CVE Name CVE-2018-19495
CVE Name CVE-2018-19496
CVE Name CVE-2018-19569
CVE Name CVE-2018-19570
CVE Name CVE-2018-19571
CVE Name CVE-2018-19572
CVE Name CVE-2018-19573
CVE Name CVE-2018-19574
CVE Name CVE-2018-19575
CVE Name CVE-2018-19576
CVE Name CVE-2018-19577
CVE Name CVE-2018-19578
CVE Name CVE-2018-19579
CVE Name CVE-2018-19580
CVE Name CVE-2018-19581
CVE Name CVE-2018-19582
CVE Name CVE-2018-19583
CVE Name CVE-2018-19584
CVE Name CVE-2018-19585
URL https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.