FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

GitLab -- Multiple vulnerabilities

Affected packages
11.9.0 <= gitlab-ce < 11.9.4
11.8.0 <= gitlab-ce < 11.8.6
gitlab-ce < 11.7.10

Details

VuXML ID da459dbc-5586-11e9-abd6-001b217b3468
Discovery 2019-04-01
Entry 2019-04-02

GitLab reports:

DoS potential for regex in CI/CD refs

Related branches visible in issues for guests

Persistent XSS at merge request resolve conflicts

Improper authorization control "move issue"

Guest users of private projects have access to releases

DoS potential on project languages page

Recurity assessment: information exposure through timing discrepancy

Recurity assessment: loginState HMAC issues

Recurity assessment: open redirect

PDF.js vulnerable to CVE-2018-5158

IDOR labels of private projects/groups

EXIF geolocation data not stripped from uploaded images

References

CVE Name CVE-2018-5158
CVE Name CVE-2019-10108
CVE Name CVE-2019-10109
CVE Name CVE-2019-10110
CVE Name CVE-2019-10111
CVE Name CVE-2019-10112
CVE Name CVE-2019-10113
CVE Name CVE-2019-10114
CVE Name CVE-2019-10115
CVE Name CVE-2019-10116
CVE Name CVE-2019-10117
CVE Name CVE-2019-10640
URL https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/