FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Gitlab -- Multiple Vulnerabilities

Affected packages
gitlab-ce < 13.3.0

Details

VuXML ID a003b74f-d7b3-11ea-9df1-001b217b3468
Discovery 2020-08-05
Entry 2020-08-06
Modified 2020-08-25

Gitlab reports:

Arbitrary File Read when Moving an Issue

Memory Exhaustion via Excessive Logging of Invite Email Error

Denial of Service Through Project Import Feature

User Controlled Git Configuration Settings Resulting in SSRF

Stored XSS in Issue Reference Number Tooltip

Stored XSS in Issues List via Milestone Title

Improper Access Control After Group Transfer

Bypass Email Verification Required for OAuth Flow

Confusion When Using Hexadecimal Branch Names

Insufficient OAuth Revocation

Improper Access Control for Project Sharing

Stored XSS in Jobs Page

Improper Access Control of Applications Page

SSRF into Shared Runner

Update Kramdown Gem

[source]

References

CVE Name CVE-2020-10977
CVE Name CVE-2020-13280
CVE Name CVE-2020-13281
CVE Name CVE-2020-14001
URL https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.