FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

GitLab -- multiple vulnerabilities

Affected packages
11.2.0 <= gitlab-ce < 11.2.3
11.1.0 <= gitlab-ce < 11.1.6
2.7.0 <= gitlab-ce < 11.0.6

Details

VuXML ID ffeb25d0-ac94-11e8-ab15-d8cb8abf62dd
Discovery 2018-08-28
Entry 2018-08-30

GitLab reports:

Persistent XSS in Pipeline Tooltip

GitLab.com GCP Endpoints Exposure

Persistent XSS in Merge Request Changes View

Sensitive Data Disclosure in Sidekiq Logs

Missing CSRF in System Hooks

Orphaned Upload Files Exposure

Missing Authorization Control API Repository Storage

References

URL https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/