FreeBSD: VID-B2F4AB91-0E6B-11E9-8700-001B217B3468 (CVE-2018-20499): Gitlab -- Multiple vulnerabilities

Severity
6
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published
Dec 31, 2018
Added
Jan 4, 2019
Modified
Jan 9, 2020

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.


From VID-B2F4AB91-0E6B-11E9-8700-001B217B3468:

Gitlab reports:

Source code disclosure merge request diff
Todos improper access control
URL rel attribute not set
Persistent XSS Autocompletion
SSRF repository mirroring
CI job token LFS error message disclosure
Secret CI variable exposure
Guest user CI job disclosure
Persistent XSS label reference
Persistent XSS wiki in IE browser
SSRF in project imports with LFS
Improper access control CI/CD settings
Missing authorization control merge requests
Improper access control branches and tags
Missing authentication for Prometheus alert endpoint


Solution

freebsd-upgrade-package-gitlab-ce