Rapid7 Vulnerability & Exploit Database

FreeBSD: VID-418C172B-B96F-11E7-B627-D43D7E971A1B: GitLab -- multiple vulnerabilities

Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 10/17/2017
Created: 07/25/2018
Added: 10/25/2017
Modified: 10/25/2017

Description

GitLab reports:

Cross-Site Scripting (XSS) vulnerability in the Markdown sanitization filter

Yasin Soliman via HackerOne reported a Cross-Site Scripting (XSS) vulnerability in the GitLab markdown sanitization filter. The sanitization filter was not properly stripping invalid characters from URL schemes and was therefore vulnerable to persistent XSS attacks anywhere Markdown was supported.

Cross-Site Scripting (XSS) vulnerability in search bar

Josh Unger reported a Cross-Site Scripting (XSS) vulnerability in the issue search bar. Usernames were not being properly HTML escaped inside the author filter, which could allow arbitrary script execution.
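The two XSS items above describe one defensive pattern from two angles: normalize a URL into the form the browser will actually interpret before deciding whether its scheme is allowed, and HTML-escape user-controlled text before it is placed in markup. The Ruby below is an added illustration written for this page, not GitLab's own sanitizer; the `SAFE_SCHEMES` allowlist, the function names, and the `naive_safe_href?` "before" variant are assumptions made for the example.

```ruby
require 'cgi'

# Schemes a Markdown link may use. Assumed allowlist for this example,
# not GitLab's actual configuration.
SAFE_SCHEMES = %w[http https mailto].freeze

# Bring an href into the form a browser will actually interpret before the
# scheme check runs: drop leading/trailing C0 controls and spaces, and
# remove ASCII tab, LF and CR anywhere in the string (browsers ignore them
# when parsing a URL).
def normalize_href(href)
  href.gsub(/\A[\u0000-\u0020]+|[\u0000-\u0020]+\z/, '').delete("\t\n\r")
end

# Extract the lower-cased scheme, if any, from an href.
def scheme_of(href)
  m = href.match(/\A([A-Za-z][A-Za-z0-9+.\-]*):/)
  m && m[1].downcase
end

# "Before" variant (assumed for illustration): checks the scheme on the raw
# string. A control character inside the scheme makes the regex miss, the
# link is treated as relative and allowed, and the browser later strips the
# character and interprets the scheme anyway. This is the defect class the
# advisory describes.
def naive_safe_href?(href)
  scheme = scheme_of(href)
  scheme.nil? || SAFE_SCHEMES.include?(scheme)
end

# Hardened variant: normalize first, then decide.
def safe_href?(href)
  scheme = scheme_of(normalize_href(href))
  scheme.nil? || SAFE_SCHEMES.include?(scheme)
end

# Returns the normalized href to emit, or nil when the link must be dropped.
def sanitize_href(href)
  safe_href?(href) ? normalize_href(href) : nil
end

# Search-bar item: a user-controlled username must be HTML-escaped before
# it is placed into the author filter's markup.
def author_filter_label(username)
  "author:#{CGI.escapeHTML(username)}"
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs, not taken from the advisory.
  ['https://example.test/x', '../docs/readme.md', "java\tscript:alert(1)", 'data:text/html,x'].each do |h|
    puts "#{h.inspect}: naive=#{naive_safe_href?(h)} hardened=#{safe_href?(h)}"
  end
  puts author_filter_label('<b>user</b>')
end
```

The point of the side-by-side is the order of operations: the naive check answers "is this scheme allowed?" on a string the browser will never see, so its "no scheme, treat as relative" branch becomes the bypass. Doing the same normalization the browser does, and only then matching the scheme, closes that gap regardless of which control character was used.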

Open redirect in repository git redirects

Eric Rafaloff via HackerOne reported that GitLab was vulnerable to an open redirect vulnerability when redirecting requests for repository names that include the git extension. GitLab was not properly removing dangerous parameters from the params field before redirecting which could allow an attacker to redirect users to arbitrary hosts.
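One defensive way to build the `.git` redirect so it cannot leave the origin: derive the target from the canonical project path, keep only an allowlist of query parameters rather than passing the request's params through, and verify the final string is a local path before issuing the redirect. This Ruby is an added example, not GitLab's code; `REDIRECT_PARAM_ALLOWLIST`, the function names and the sample request are assumptions.

```ruby
require 'uri'

# Query parameters that are allowed to survive the redirect. Assumed
# allowlist for this example, not GitLab's configuration.
REDIRECT_PARAM_ALLOWLIST = %w[ref].freeze

# Remove the first ".git" suffix that ends a path segment,
# e.g. "/group/project.git/tree/main" -> "/group/project/tree/main".
def strip_git_suffix(path)
  path.sub(%r{\.git(?=/|\z)}, '')
end

# A redirect target is local only if it is an absolute path on this
# origin: it starts with a single "/", is not protocol-relative ("//" or
# "/\"), and parses with no scheme and no host.
def local_path?(target)
  return false unless target.start_with?('/')
  return false if target.start_with?('//', '/\\')
  uri = URI.parse(target)
  uri.scheme.nil? && uri.host.nil?
rescue URI::InvalidURIError
  false
end

# Build the redirect from the canonical path plus allowlisted parameters
# only. Anything else in params, including host-like keys a request could
# carry, is dropped. Returns nil if the result is somehow not local so the
# caller can answer 404 instead of redirecting.
def redirect_target(path, params)
  clean_path = strip_git_suffix(path)
  kept = params.select { |k, _| REDIRECT_PARAM_ALLOWLIST.include?(k) }
  query = URI.encode_www_form(kept)
  target = query.empty? ? clean_path : "#{clean_path}?#{query}"
  local_path?(target) ? target : nil
end

if __FILE__ == $PROGRAM_NAME
  # Constructed request: a .git path with one legitimate and one unwanted parameter.
  puts redirect_target('/group/project.git/tree/main', { 'ref' => 'main', 'host' => 'evil.example' })
  # => /group/project/tree/main?ref=main
end
```

The allowlist does the real work: a redirect built by merging the incoming params into a URL helper inherits whatever keys the request supplied, whereas a redirect assembled from named, expected keys cannot pick up a host. The `local_path?` check is the belt-and-braces layer that catches a future refactor which reintroduces pass-through.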

Username changes could leave repositories behind

An internal code review discovered that a bug in the code that moves repositories during a username change could potentially leave behind projects, allowing an attacker who knows the previous username to potentially steal the contents of repositories on instances that are not configured with hashed namespaces.

Solution(s)

  • freebsd-upgrade-package-gitlab
