VuXML ID | Description |
b950a83b-789e-11e8-8545-d8cb8abf62dd | Gitlab -- multiple vulnerabilities
GitLab reports:
Wiki XSS
Sanitize gem updates
XSS in url_for(params)
Content injection via username
Activity feed publicly displaying internal project names
Persistent XSS in charts
Discovery: 2018-06-25; Entry: 2018-06-25; Package: gitlab
Affected versions: 11.0.0 <= v < 11.0.1; 10.8.0 <= v < 10.8.5; 4.1 <= v < 10.7.6
CVE: CVE-2018-12606, CVE-2018-3740, CVE-2018-12605, CVE-2018-12607
https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/
|
dc0c201c-31da-11e8-ac53-d8cb8abf62dd | Gitlab -- multiple vulnerabilities
GitLab reports:
SSRF in services and web hooks
There were multiple server-side request forgery issues in the Services feature.
An attacker could make requests to servers within the same network of the GitLab
instance. This could lead to information disclosure, authentication bypass, or
potentially code execution. This issue has been assigned
CVE-2018-8801.
Gitlab Auth0 integration issue
There was an issue with the GitLab omniauth-auth0 configuration
which resulted in the Auth0 integration signing in the wrong users.
Discovery: 2018-03-20; Entry: 2018-03-27; Modified: 2018-04-07; Package: gitlab
Affected versions: 10.5.0 <= v < 10.5.6; 10.4.0 <= v < 10.4.6; 8.3 <= v < 10.3.9
CVE: CVE-2018-8801
https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/
|
9557dc72-64da-11e8-bc32-d8cb8abf62dd | Gitlab -- multiple vulnerabilities
GitLab reports:
Removing public deploy keys regression
Users can update their password without entering current password
Persistent XSS - Selecting users as allowed merge request approvers
Persistent XSS - Multiple locations of user selection drop downs
include directive in .gitlab-ci.yml allows SSRF requests
Permissions issue in Merge Requests Create Service
Arbitrary assignment of project fields using "Import project"
Discovery: 2018-05-29; Entry: 2018-05-31; Package: gitlab
Affected versions: 10.8.0 <= v < 10.8.2; 10.7.0 <= v < 10.7.5; 1.0 <= v < 10.6.6
https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/
|
8fc615cc-8a66-11e8-8c75-d8cb8abf62dd | Gitlab -- Remote Code Execution Vulnerability in GitLab Projects Import
GitLab reports:
Remote Code Execution Vulnerability in GitLab Projects Import
Discovery: 2018-07-17; Entry: 2018-07-18; Packages: gitlab-ce, gitlab
Affected versions: 11.0.0 <= v < 11.0.4; 10.8.0 <= v < 10.8.6; 8.9.0 <= v < 10.7.7
CVE: CVE-2018-14364
https://about.gitlab.com/2018/07/17/critical-security-release-gitlab-11-dot-0-dot-4-released/
|
085a087b-3897-11e8-ac53-d8cb8abf62dd | Gitlab -- multiple vulnerabilities
GitLab reports:
Confidential issue comments in Slack, Mattermost, and webhook integrations.
Persistent XSS in milestones data-milestone-id.
Persistent XSS in filename of merge request.
Discovery: 2018-04-04; Entry: 2018-04-05; Package: gitlab
Affected versions: 10.6.0 <= v < 10.6.3; 10.5.0 <= v < 10.5.7; 8.6 <= v < 10.4.7
https://about.gitlab.com/2018/04/04/security-release-gitlab-10-dot-6-dot-3-released/
|
418c172b-b96f-11e7-b627-d43d7e971a1b | GitLab -- multiple vulnerabilities
GitLab reports:
Cross-Site Scripting (XSS) vulnerability in the Markdown sanitization filter
Yasin Soliman via HackerOne reported a Cross-Site Scripting (XSS)
vulnerability in the GitLab markdown sanitization filter. The sanitization
filter was not properly stripping invalid characters from URL schemes and
was therefore vulnerable to persistent XSS attacks anywhere Markdown was
supported.
Cross-Site Scripting (XSS) vulnerability in search bar
Josh Unger reported a Cross-Site Scripting (XSS) vulnerability in the
issue search bar. Usernames were not being properly HTML escaped inside the
author filter, which could allow arbitrary script execution.
Open redirect in repository git redirects
Eric Rafaloff via HackerOne reported that GitLab was vulnerable to an
open redirect vulnerability when redirecting requests for repository names
that include the git extension. GitLab was not properly removing dangerous
parameters from the params field before redirecting which could allow an
attacker to redirect users to arbitrary hosts.
Username changes could leave repositories behind
An internal code review discovered that a bug in the code that moves
repositories during a username change could potentially leave behind
projects, allowing an attacker who knows the previous username to
potentially steal the contents of repositories on instances that are not
configured with hashed namespaces.
Discovery: 2017-10-17; Entry: 2017-10-25; Package: gitlab
Affected versions: 2.8.0 <= v <= 9.4.6; 9.5.0 <= v <= 9.5.8; 10.0.0 <= v <= 10.0.3
https://about.gitlab.com/2017/10/17/gitlab-10-dot-0-dot-4-security-release/
|
86291013-16e6-11e8-ae9f-d43d7e971a1b | GitLab -- multiple vulnerabilities
GitLab reports:
SnippetFinder information disclosure
The GitLab SnippetFinder component contained an information disclosure
which allowed access to snippets restricted to Only team members or
configured as disabled. The issue is now resolved in the latest version.
LDAP API authorization issue
An LDAP API endpoint contained an authorization vulnerability which
unintentionally disclosed bulk LDAP groups data. This issue is now fixed in
the latest release.
Persistent XSS mermaid markdown
The mermaid markdown feature contained a persistent XSS issue that is now
resolved in the latest release.
Insecure direct object reference Todo API
The Todo API was vulnerable to an insecure direct object reference issue
which resulted in an information disclosure of confidential data.
GitHub import access control issue
An improper access control weakness issue was discovered in the GitHub
import feature. The issue allowed an attacker to create projects under other
accounts which they shouldn't have access to. The issue is now resolved in
the latest version.
Protected variables information disclosure
The CI jobs protected tag feature contained a vulnerability which
resulted in an information disclosure of protected variables. The issue is
now resolved in the latest release.
Discovery: 2018-02-07; Entry: 2018-02-21; Package: gitlab
Affected versions: 6.1.0 <= v <= 10.2.7; 10.3.0 <= v <= 10.3.6; 10.4.0 <= v <= 10.4.2
https://about.gitlab.com/2018/02/07/gitlab-security-10-4-3-plus-10-3-7-plus-10-2-8-blog/
|
e72a8864-e0bc-11e7-b627-d43d7e971a1b | GitLab -- multiple vulnerabilities
GitLab reports:
User without access to private Wiki can see it on the project page
Matthias Burtscher reported that it was possible for a user to see a
private Wiki on the project page without having the corresponding
permission.
E-mail address disclosure through member search fields
Hugo Geoffroy reported via HackerOne that it was possible to find out the
full e-mail address of any user by brute-forcing the member search
field.
Groups API leaks private projects
An internal code review discovered that users were able to list private
projects they had no access to by using the Groups API.
Cross-Site Scripting (XSS) possible by editing a comment
Sylvain Heiniger reported via HackerOne that it was possible for
arbitrary JavaScript code to be executed when editing a comment.
Issue API allows any user to create a new issue even when issues are restricted or disabled
Mohammad Hasbini reported that any user could create new issues in a
project even when issues were disabled or restricted to team members in the
project settings.
Discovery: 2017-12-08; Entry: 2017-12-14; Package: gitlab
Affected versions: 4.2.0 <= v <= 10.0.6; 10.1.0 <= v <= 10.1.4; 10.2.0 <= v <= 10.2.3
https://about.gitlab.com/2017/12/08/gitlab-10-dot-2-dot-4-security-release/
|
65fab89f-2231-46db-8541-978f4e87f32a | gitlab -- Remote code execution on project import
GitLab developers report:
Today we are releasing versions 10.3.4, 10.2.6, and 10.1.6 for
GitLab Community Edition (CE) and Enterprise Edition (EE).
These versions contain a number of important security fixes,
including two that prevent remote code execution, and we strongly
recommend that all GitLab installations be upgraded to one of these
versions immediately.
Discovery: 2018-01-16; Entry: 2018-01-17; Package: gitlab
Affected versions: v < 10.1.6
https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE: CVE-2017-0915, CVE-2018-3710
|