Back to search

FreeBSD: VID-065B3B72-C5AB-11E8-9AE2-001B217B3468 (CVE-2018-17536): Gitlab -- multiple vulnerabilities

Severity	CVSS	Published	Added	Modified
4	(AV:L/AC:M/Au:N/C:P/I:P/A:P)	October 01, 2018	October 02, 2018	October 02, 2018

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From VID-065B3B72-C5AB-11E8-9AE2-001B217B3468:

Gitlab reports:

SSRF GCP access token disclosure

Persistent XSS on issue details

Diff formatter DoS in Sidekiq jobs

Confidential information disclosure in events API endpoint

validate_localhost function in url_blocker.rb could be bypassed

Slack integration CSRF Oauth2

GRPC::Unknown logging token disclosure

IDOR merge request approvals

Persistent XSS package.json

Persistent XSS merge request project import

Scan For This Vulnerability

Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities

Free InsightVM Trial

References

NVD-CVE-2018-17536

Solution

freebsd-upgrade-package-gitlab-ce

Vulnerability & Exploit Database

FreeBSD: VID-065B3B72-C5AB-11E8-9AE2-001B217B3468 (CVE-2018-17536): Gitlab -- multiple vulnerabilities

Description

Scan For This Vulnerability

References

Solution

Legal

Resources & Help

Connect With Us

Stay in touch:

Quick Cookie Notification

Vulnerability & Exploit Database

FreeBSD: VID-065B3B72-C5AB-11E8-9AE2-001B217B3468 (CVE-2018-17536): Gitlab -- multiple vulnerabilities

Description

Scan For This Vulnerability

References

Solution

Legal

Resources & Help

Connect With Us

Stay in touch: