vulnerability

FreeBSD: VID-C5BD9068-440F-11EA-9CDB-001B217B3468 (CVE-2020-7976): Gitlab -- Multiple Vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	2020-01-30	2020-02-01	2020-02-28

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

2020-01-30

Added

2020-02-01

Modified

2020-02-28

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From VID-C5BD9068-440F-11EA-9CDB-001B217B3468:

Gitlab reports:

Path Traversal to Arbitrary File Read

User Permissions Not Validated in ProjectExportWorker

XSS Vulnerability in File API

Package and File Disclosure through GitLab Workhorse

XSS Vulnerability in Create Groups

Issue and Merge Request Activity Counts Exposed

Email Confirmation Bypass Using AP

Disclosure of Forked Private Project Source Code

Private Project Names Exposed in GraphQL queries

Disclosure of Issues and Merge Requests via Todos

Denial of Service via AsciiDoc

Last Pipeline Status Exposed

Arbitrary Change of Pipeline Status

Grafana Token Displayed in Plaintext

Update excon gem

Update rdoc gem

Update rack-cors gem

Update rubyzip gem

Solution

freebsd-upgrade-package-gitlab-ce

References

NVD-CVE-2020-7976

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today