Date: Thu, 28 May 2020 06:19:22 +0000 (UTC) From: Matthias Fechner <mfechner@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r536740 - head/security/vuxml Message-ID: <202005280619.04S6JMjq000582@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: mfechner Date: Thu May 28 06:19:22 2020 New Revision: 536740 URL: https://svnweb.freebsd.org/changeset/ports/536740 Log: Document gitlab-ce vulnerabilities. Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Thu May 28 06:15:39 2020 (r536739) +++ head/security/vuxml/vuln.xml Thu May 28 06:19:22 2020 (r536740) @@ -58,6 +58,49 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="69cf62a8-a0aa-11ea-9ea5-001b217b3468"> + <topic>Gitlab -- Multiple Vulnerabilities</topic> + <affects> + <package> + <name>gitlab-ce</name> + <range><ge>13.0.0</ge><lt>13.0.1</lt></range> + <range><ge>12.10.0</ge><lt>12.10.7</lt></range> + <range><ge>12.9.0</ge><lt>12.9.8</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Gitlab reports:</p> + <blockquote cite="https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/">; + <p>User Email Verification Bypass</p> + <p>OAuth Flow Missing Email Verification Checks</p> + <p>Notification Email Verification Bypass</p> + <p>Undisclosed Vulnerability on a Third-Party Rendering Engine</p> + <p>Group Sign-Up Restriction Bypass</p> + <p>Mirror Project Owner Impersonation</p> + <p>Missing Permission Check on Fork Relation Creation</p> + <p>Cross-Site Scripting in Repository Files API</p> + <p>Kubernetes Cluster Token Disclosure</p> + <p>Object Storage File Enumeration</p> + <p>Insecure Authorization Check on Project Deploy Keys</p> + <p>Cross-Site Scripting on Metrics Dashboard</p> + <p>Denial of Service on Custom Dashboards</p> + <p>Client-Side Code Injection through Mermaid Markup</p> + <p>Cross-Site Scripting on Static Site Editor</p> + <p>Disclosure of Amazon EKS Credentials</p> + <p>Denial of Service on Workhorse</p> + </blockquote> + </body> + </description> + <references> + <url>https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/</url>; + </references> + <dates> + <discovery>2020-05-27</discovery> + <entry>2020-05-28</entry> + </dates> + </vuln> + <vuln vid="9908a1cc-35ad-424d-be0b-7e56abd5931a"> <topic>sympa -- Denial of service caused by malformed CSRF token</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202005280619.04S6JMjq000582>