Gitlab -- Multiple Vulnerabilities

2020-04-30T00:00:00
ID E8483115-8B8E-11EA-BDCF-001B217B3468
Type freebsd
Reporter FreeBSD
Modified 2020-04-30T00:00:00

Description

Gitlab reports:

Path Traversal in NuGet Package Registry Workhorse Bypass Leads to File Disclosure OAuth Application Client Secrets Revealed Code Owners Approval Rules Are Not Updated for Existing Merge Requests When Source Branch Changes Code Owners Protection Not Enforced from Web UI Repository Mirror Passwords Exposed To Maintainers Admin Audit Log Page Denial of Service Private Project ID Revealed Through Group API Elasticsearch Credentials Logged to ELK GitHub Personal Access Token Exposed on Integrations Page Update Nokogiri dependency Update OpenSSL Dependency Update git