FreeBSD: VID-DA459DBC-5586-11E9-ABD6-001B217B3468 (CVE-2019-10116): Gitlab -- Multiple vulnerabilities

Severity: 4
CVSS: (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published: Apr 1, 2019
Added: Apr 3, 2019
Modified: Jun 3, 2019

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.


From VID-DA459DBC-5586-11E9-ABD6-001B217B3468:




Gitlab reports:



DoS potential for regex in CI/CD refs


Related branches visible in issues for guests


Persistent XSS at merge request resolve conflicts


Improper authorization control "move issue"


Guest users of private projects have access to releases


DoS potential on project languages page


Recurity assessment: information exposure through timing discrepancy


Recurity assessment: loginState HMAC issues


Recurity assessment: open redirect


PDF.js vulnerable to CVE-2018-5158


IDOR labels of private projects/groups


EXIF geolocation data not stripped from uploaded images




Solution

freebsd-upgrade-package-gitlab-ce