
FreeBSD: VID-1aa7a094-1147-11ea-b537-001b217b3468 (CVE-2019-19087): Gitlab -- Multiple Vulnerabilities

Severity: 4
CVSS: (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published: Nov 27, 2019
Added: Nov 28, 2019
Modified: Dec 10, 2025

Description

Gitlab reports:

- Path traversal with potential remote code execution
- Private objects exposed through project import
- Disclosure of notes via Elasticsearch integration
- Disclosure of comments via Elasticsearch integration
- DNS Rebind SSRF in various chat notifications
- Disclosure of vulnerability status in dependency list
- Disclosure of commit count in Cycle Analytics
- Exposure of related branch names
- Tags pushes from blocked users
- Branches and Commits exposed to Guest members via integration
- IDOR when adding users to protected environments
- Former project members able to access repository information
- Unauthorized access to grafana metrics
- Todos created for former project members
- Update Mattermost dependency
- Disclosure of AWS secret keys on certain Admin pages
- Stored XSS in Group and User profile fields
- Forked project information disclosed via Project API
- Denial of Service in the issue and commit comment pages
- Tokens stored in plaintext

Solution

freebsd-upgrade-package-gitlab-ce