FreeBSD: VID-5D5E5CDA-38E6-11EB-BBBF-001B217B3468 (CVE-2020-26411): Gitlab -- Multiple vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:N/I:N/A:P) | Dec 7, 2020 | Dec 8, 2020 | Dec 16, 2020 |
Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
From VID-5D5E5CDA-38E6-11EB-BBBF-001B217B3468:
Gitlab reports:
XSS in Zoom Meeting URL
Limited Information Disclosure in Private Profile
User email exposed via GraphQL endpoint
Group and project membership potentially exposed via GraphQL
Search terms logged in search parameter in rails logs
Unauthorised access to feature flag user list
A specific query on the explore page causes statement timeouts
Exposure of starred projects on private user profiles
Uncontrolled Resource Consumption in any Markdown field using Mermaid
Former group members able to view updates to confidential epics
Update GraphicsMagick dependency
Update GnuPG dependency
Update libxml dependency
Solution
References