Rapid7 Vulnerability & Exploit Database

FreeBSD: VID-DA459DBC-5586-11E9-ABD6-001B217B3468 (CVE-2019-10114): Gitlab -- Multiple vulnerabilities

Free InsightVM Trial No Credit Card Necessary
Watch Demo See how it all works
Back to Search

FreeBSD: VID-DA459DBC-5586-11E9-ABD6-001B217B3468 (CVE-2019-10114): Gitlab -- Multiple vulnerabilities

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
04/01/2019
Created
04/22/2019
Added
04/03/2019
Modified
06/03/2019

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From VID-DA459DBC-5586-11E9-ABD6-001B217B3468:

Gitlab reports:

DoS potential for regex in CI/CD refs

Related branches visible in issues for guests

Persistent XSS at merge request resolve conflicts

Improper authorization control "move issue"

Guest users of private projects have access to releases

DoS potential on project languages page

Recurity assessment: information exposure through timing discrepancy

Recurity assessment: loginState HMAC issues

Recurity assessment: open redirect

PDF.js vulnerable to CVE-2018-5158

IDOR labels of private projects/groups

EXIF geolocation data not stripped from uploaded images

Solution(s)

  • freebsd-upgrade-package-gitlab-ce

References

  • CVE-2019-10114

insightVM

Advanced vulnerability management analytics and reporting.
Key Features
Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;