Gitlab -- multiple vulnerabilities

2020-10-01T00:00:00
ID A3495E61-047F-11EB-86EA-001B217B3468
Type freebsd
Reporter FreeBSD
Modified 2020-10-01T00:00:00

Description

Gitlab reports:

- Potential Denial Of Service Via Update Release Links API
- Insecure Storage of Session Key In Redis
- Improper Access Expiration Date Validation
- Cross-Site Scripting in Multiple Pages
- Unauthorized Users Can View Custom Project Template
- Cross-Site Scripting in SVG Image Preview
- Incomplete Handling in Account Deletion
- Insufficient Rate Limiting at Re-Sending Confirmation Email
- Improper Type Check in GraphQL
- To-dos Are Not Redacted When Membership Changes
- Guest users can modify confidentiality attribute
- Command injection on runner host
- Insecure Runner Configuration in Kubernetes Environments