diff options
author | Matthias Fechner <mfechner@FreeBSD.org> | 2018-03-28 21:05:54 +0800 |
---|---|---|
committer | Matthias Fechner <mfechner@FreeBSD.org> | 2018-03-28 21:05:54 +0800 |
commit | f83cc745aac68cf9973c8282ced82bcd7873c7e4 (patch) | |
tree | 65e8bf104a82fe39661b4af5d52d178b14d84480 | |
parent | eb798862feda91cf550f8473b50badd62945f7db (diff) | |
download | freebsd-ports-f83cc745aac68cf9973c8282ced82bcd7873c7e4.tar.gz freebsd-ports-f83cc745aac68cf9973c8282ced82bcd7873c7e4.tar.zst freebsd-ports-f83cc745aac68cf9973c8282ced82bcd7873c7e4.zip |
Document gitlab vulnerability.
Reviewed by: tz (mentor)
Approved by: tz (mentor)
Differential Revision: https://reviews.freebsd.org/D14870
Notes
Notes:
svn path=/head/; revision=465805
-rw-r--r-- | security/vuxml/vuln.xml | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 2ff288bcb39b..e902a9b8cccc 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -203,6 +203,42 @@ Notes: </dates> </vuln> + <vuln vid="dc0c201c-31da-11e8-ac53-d8cb8abf62dd"> + <topic>Gitlab -- multiple vulnerabilities</topic> + <affects> + <package> + <name>gitlab</name> + <range><ge>8.3</ge><lt>10.5.6</lt></range> + <range><ge>8.3</ge><lt>10.4.6</lt></range> + <range><ge>8.3</ge><lt>10.3.9</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>GitLab reports:</p> + <blockquote cite="https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/"> + <h1>SSRF in services and web hooks</h1> + <p>There were multiple server-side request forgery issues in the Services feature. + An attacker could make requests to servers within the same network of the GitLab + instance. This could lead to information disclosure, authentication bypass, or + potentially code execution. This issue has been assigned + <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8801">CVE-2018-8801</a>.</p> + <h1>Gitlab Auth0 integration issue</h1> + <p>There was an issue with the GitLab <code>omniauth-auth0</code> configuration + which resulted in the Auth0 integration signing in the wrong users.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2018-8801</cvename> + <url>https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/</url> + </references> + <dates> + <discovery>2018-03-20</discovery> + <entry>2018-03-27</entry> + </dates> + </vuln> + <vuln vid="23f59689-0152-42d3-9ade-1658d6380567"> <topic>mozilla -- use-after-free in compositor</topic> <affects> |