
FreeBSD: VID-B68CC195-CAE7-11E9-86E9-001B217B3468 (CVE-2019-15740): Gitlab -- Multiple Vulnerabilities

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published: Aug 29, 2019
Added: Aug 31, 2019
Modified: Sep 20, 2019

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.


From VID-B68CC195-CAE7-11E9-86E9-001B217B3468:

Gitlab reports:

- Kubernetes Integration Server-Side Request Forgery
- Server-Side Request Forgery in Jira Integration
- Improved Protection Against Credential Stuffing Attacks
- Markdown Clientside Resource Exhaustion
- Pipeline Status Disclosure
- Group Runner Authorization Issue
- CI Metrics Disclosure
- User IP Disclosed by Embedded Image and Media
- Label Description HTML Injection
- IDOR in Epic Notes API
- Push Rule Bypass
- Project Visibility Restriction Bypass
- Merge Request Discussion Restriction Bypass
- Disclosure of Merge Request IDs
- Weak Authentication In Certain Account Actions
- Disclosure of Commit Title and Comments
- Stored XSS via Markdown
- EXIF Geolocation Data Exposure
- Multiple SSRF Regressions on Gitaly
- Default Branch Name Exposure
- Potential Denial of Service via CI Pipelines
- Privilege Escalation via Logrotate

Solution

freebsd-upgrade-package-gitlab-ce