FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

GitLab -- Multiple Vulnerabilities

Affected packages
12.7.0 <= gitlab-ce < 12.7.4
12.6.0 <= gitlab-ce < 12.6.6
5.3 <= gitlab-ce < 12.5.9

Details

VuXML ID c5bd9068-440f-11ea-9cdb-001b217b3468
Discovery 2020-01-30
Entry 2020-01-31

GitLab reports:

Path Traversal to Arbitrary File Read

User Permissions Not Validated in ProjectExportWorker

XSS Vulnerability in File API

Package and File Disclosure through GitLab Workhorse

XSS Vulnerability in Create Groups

Issue and Merge Request Activity Counts Exposed

Email Confirmation Bypass Using AP

Disclosure of Forked Private Project Source Code

Private Project Names Exposed in GraphQL queries

Disclosure of Issues and Merge Requests via Todos

Denial of Service via AsciiDoc

Last Pipeline Status Exposed

Arbitrary Change of Pipeline Status

Grafana Token Displayed in Plaintext

Update excon gem

Update rdoc gem

Update rack-cors gem

Update rubyzip gem

References

CVE Name CVE-2019-16779
CVE Name CVE-2019-16892
CVE Name CVE-2019-18978
CVE Name CVE-2020-6833
CVE Name CVE-2020-7966
CVE Name CVE-2020-7967
CVE Name CVE-2020-7968
CVE Name CVE-2020-7969
CVE Name CVE-2020-7971
CVE Name CVE-2020-7972
CVE Name CVE-2020-7973
CVE Name CVE-2020-7974
CVE Name CVE-2020-7976
CVE Name CVE-2020-7977
CVE Name CVE-2020-7978
CVE Name CVE-2020-7979
CVE Name CVE-2020-8114
URL https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/