Vulnerability & Exploit Database

FreeBSD: VID-065B3B72-C5AB-11E8-9AE2-001B217B3468 (CVE-2018-17455): Gitlab -- multiple vulnerabilities

Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: October 01, 2018
Added: October 02, 2018
Modified: October 02, 2018

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From VID-065B3B72-C5AB-11E8-9AE2-001B217B3468:

Gitlab reports:

SSRF GCP access token disclosure

Persistent XSS on issue details

Diff formatter DoS in Sidekiq jobs

Confidential information disclosure in events API endpoint

validate_localhost function in url_blocker.rb could be bypassed

Slack integration CSRF Oauth2

GRPC::Unknown logging token disclosure

IDOR merge request approvals

Persistent XSS package.json

Persistent XSS merge request project import

Solution

freebsd-upgrade-package-gitlab-ce