Gitlab -- Multiple Vulnerabilities

2020-01-30T00:00:00
ID C5BD9068-440F-11EA-9CDB-001B217B3468
Type freebsd
Reporter FreeBSD
Modified 2020-01-30T00:00:00

Description

Gitlab reports:

Path Traversal to Arbitrary File Read User Permissions Not Validated in ProjectExportWorker XSS Vulnerability in File API Package and File Disclosure through GitLab Workhorse XSS Vulnerability in Create Groups Issue and Merge Request Activity Counts Exposed Email Confirmation Bypass Using AP Disclosure of Forked Private Project Source Code Private Project Names Exposed in GraphQL queries Disclosure of Issues and Merge Requests via Todos Denial of Service via AsciiDoc Last Pipeline Status Exposed Arbitrary Change of Pipeline Status Grafana Token Displayed in Plaintext Update excon gem Update rdoc gem Update rack-cors gem Update rubyzip gem