
FreeBSD: VID-467B7CBE-257D-11E9-8573-001B217B3468 (CVE-2019-6786): Gitlab -- Multiple vulnerabilities

Severity: 4
CVSS: (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published: 2019-01-31
Added: 2019-02-01
Modified: 2019-09-20

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.


From VID-467B7CBE-257D-11E9-8573-001B217B3468:

Gitlab reports:

Remote Command Execution via GitLab Pages
Covert Redirect to Steal GitHub/Bitbucket Tokens
Remote Mirror Branches Leaked by Git Transfer Refs
Denial of Service with Markdown
Guests Can View List of Group Merge Requests
Guest Can View Merge Request Titles via System Notes
Persistent XSS via KaTeX
Emails Sent to Unauthorized Users
Hyperlink Injection in Notification Emails
Unauthorized Access to LFS Objects
Trigger Token Exposure
Upgrade Rails to 5.0.7.1 and 4.2.11
Contributed Project Information Visible in Private Profile
Imported Project Retains Prior Visibility Setting
Error disclosure on Project Import
Persistent XSS in User Status
Last Commit Status Leaked to Guest Users
Mitigations for IDN Homograph and RTLO Attacks
Access to Internal Wiki When External Wiki Enabled
User Can Comment on Locked Project Issues
Unauthorized Reaction Emojis by Guest Users
User Retains Project Role After Removal from Private Group
GitHub Token Leaked to Maintainers
Unauthenticated Blind SSRF in Jira Integration
Unauthorized Access to Group Membership
Validate SAML Response in Group SAML SSO


Solution

freebsd-upgrade-package-gitlab-ce