vulnerability
FreeBSD: VID-b2f4ab91-0e6b-11e9-8700-001b217b3468 (CVE-2018-20494): Gitlab -- Multiple vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Jan 2, 2019 | Jan 4, 2019 | Mar 25, 2026 |
Description
Gitlab reports:

- Source code disclosure merge request diff
- Todos improper access control
- URL rel attribute not set
- Persistent XSS Autocompletion
- SSRF repository mirroring
- CI job token LFS error message disclosure
- Secret CI variable exposure
- Guest user CI job disclosure
- Persistent XSS label reference
- Persistent XSS wiki in IE browser
- SSRF in project imports with LFS
- Improper access control CI/CD settings
- Missing authorization control merge requests
- Improper access control branches and tags
- Missing authentication for Prometheus alert endpoint
Solution
freebsd-upgrade-package-gitlab-ce