FreeBSD: VID-1fb13175-ed52-11ea-8b93-001b217b3468 (CVE-2020-13297): Gitlab -- multiple vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:M/Au:S/C:P/I:P/A:N) | Sep 2, 2020 | Sep 3, 2020 | Dec 10, 2025 |
Description
Gitlab reports:

- Vendor Cross-Account Assume-Role Attack
- Stored XSS on the Vulnerability Page
- Outdated Job Token Can Be Reused to Access Unauthorized Resources
- File Disclosure Via Workhorse File Upload Bypass
- Unauthorized Maintainer Can Edit Group Badge
- Denial of Service Within Wiki Functionality
- Sign-in Vulnerable to Brute-force Attacks
- Invalidated Session Allows Account Access With an Old Password
- GitLab Omniauth Endpoint Renders User Controlled Messages
- Blind SSRF Through Repository Mirroring
- Information Disclosure Through Incorrect Group Permission Verifications
- No Rate Limit on GitLab Webhook Feature
- GitLab Session Revocation Feature Does Not Invalidate All Sessions
- OAuth Authorization Scope for an External Application Can Be Changed Without User Consent
- Unauthorized Maintainer Can Delete Repository
- Improper Verification of Deploy-Key Leads to Access Restricted Repository
- Disabled Repository Still Accessible With a Deploy-Token
- Duplicated Secret Code Generated by 2 Factor Authentication Mechanism
- Lack of Validation Within Project Invitation Flow
- Current Sessions Not Invalidated Upon Enabling 2 Factor Authentication
- Users Without 2 Factor Authentication Can Be Blocked Accessing GitLab
- Lack of Upper Bound Check Leading to Possible Denial of Service
- 2 Factor Authentication for Groups Was Not Enforced Within API Endpoint
- GitLab Runner Denial of Service via CI Jobs
- Update jQuery Dependency
Solution
freebsd-upgrade-package-gitlab-ce