FreeBSD: VID-065B3B72-C5AB-11E8-9AE2-001B217B3468 (CVE-2018-17536): Gitlab -- multiple vulnerabilities
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
4 | (AV:L/AC:M/Au:N/C:P/I:P/A:P) | October 01, 2018 | October 02, 2018 | October 02, 2018 |
Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
From VID-065B3B72-C5AB-11E8-9AE2-001B217B3468:
Gitlab reports:
- SSRF GCP access token disclosure
- Persistent XSS on issue details
- Diff formatter DoS in Sidekiq jobs
- Confidential information disclosure in events API endpoint
- validate_localhost function in url_blocker.rb could be bypassed
- Slack integration CSRF Oauth2
- GRPC::Unknown logging token disclosure
- IDOR merge request approvals
- Persistent XSS package.json
- Persistent XSS merge request project import