Gitlab -- Multiple Vulnerabilities

2019-08-29T00:00:00
ID B68CC195-CAE7-11E9-86E9-001B217B3468
Type freebsd
Reporter FreeBSD
Modified 2019-08-29T00:00:00

Description

Gitlab reports:

Kubernetes Integration Server-Side Request Forgery
Server-Side Request Forgery in Jira Integration
Improved Protection Against Credential Stuffing Attacks
Markdown Clientside Resource Exhaustion
Pipeline Status Disclosure
Group Runner Authorization Issue
CI Metrics Disclosure
User IP Disclosed by Embedded Image and Media
Label Description HTML Injection
IDOR in Epic Notes API
Push Rule Bypass
Project Visibility Restriction Bypass
Merge Request Discussion Restriction Bypass
Disclosure of Merge Request IDs
Weak Authentication In Certain Account Actions
Disclosure of Commit Title and Comments
Stored XSS via Markdown
EXIF Geolocation Data Exposure
Multiple SSRF Regressions on Gitaly
Default Branch Name Exposure
Potential Denial of Service via CI Pipelines
Privilege Escalation via Logrotate