FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  514783
Date:      2019-10-19
Time:      09:52:18Z
Committer: wen

These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
085a087b-3897-11e8-ac53-d8cb8abf62dd  Gitlab -- multiple vulnerabilities

GitLab reports:

Confidential issue comments in Slack, Mattermost, and webhook integrations.

Persistent XSS in milestones data-milestone-id.

Persistent XSS in filename of merge request.

Discovery 2018-04-04
Entry 2018-04-05
ge 10.6.0 lt 10.6.3

ge 10.5.0 lt 10.5.7

ge 8.6 lt 10.4.7
10968dfd-a687-11e6-b2d3-60a44ce6887b  gitlab -- Directory traversal via "import/export" feature

GitLab reports:

The import/export feature did not properly check for symbolic links in user-provided archives and therefore it was possible for an authenticated user to retrieve the contents of any file accessible to the GitLab service account. This included sensitive files such as those that contain secret tokens used by the GitLab service to authenticate users.

Discovery 2016-11-02
Entry 2016-11-09
Modified 2017-05-18
ge 8.10.0 le 8.10.12

ge 8.11.0 le 8.11.9

ge 8.12.0 le 8.12.7

ge 8.13.0 le 8.13.2
418c172b-b96f-11e7-b627-d43d7e971a1b  GitLab -- multiple vulnerabilities

GitLab reports:

Cross-Site Scripting (XSS) vulnerability in the Markdown sanitization filter

Yasin Soliman via HackerOne reported a Cross-Site Scripting (XSS) vulnerability in the GitLab markdown sanitization filter. The sanitization filter was not properly stripping invalid characters from URL schemes and was therefore vulnerable to persistent XSS attacks anywhere Markdown was supported.

Cross-Site Scripting (XSS) vulnerability in search bar

Josh Unger reported a Cross-Site Scripting (XSS) vulnerability in the issue search bar. Usernames were not being properly HTML escaped inside the author filter, which could allow arbitrary script execution.

Open redirect in repository git redirects

Eric Rafaloff via HackerOne reported that GitLab was vulnerable to an open redirect vulnerability when redirecting requests for repository names that include the git extension. GitLab was not properly removing dangerous parameters from the params field before redirecting which could allow an attacker to redirect users to arbitrary hosts.

Username changes could leave repositories behind

An internal code review discovered that a bug in the code that moves repositories during a username change could potentially leave behind projects, allowing an attacker who knows the previous username to potentially steal the contents of repositories on instances that are not configured with hashed namespaces.

Discovery 2017-10-17
Entry 2017-10-25
ge 2.8.0 le 9.4.6

ge 9.5.0 le 9.5.8

ge 10.0.0 le 10.0.3
5d62950f-3bb5-11e7-93f7-d43d7e971a1b  gitlab -- Various security issues

GitLab reports:

Information Disclosure in Issue and Merge Request Trackers

During an internal code review a critical vulnerability in the GitLab Issue and Merge Request trackers was discovered. This vulnerability could allow a user with access to assign ownership of an issue or merge request to another user to disclose that user's private token, email token, email address, and encrypted OTP secret. Reporter-level access to a GitLab project is required to exploit this flaw.

SSRF when importing a project from a Repo by URL

GitLab instances that have enabled project imports using "Repo by URL" were vulnerable to Server-Side Request Forgery attacks. By specifying a project import URL of localhost an attacker could target services that are bound to the local interface of the server. These services often do not require authentication. Depending on the service an attacker might be able to craft an attack using the project import request URL.

Links in Environments tab vulnerable to tabnabbing

edio via HackerOne reported that user-configured Environment links include target=_blank but do not also include rel: noopener noreferrer. Anyone clicking on these links may therefore be subjected to tabnabbing attacks where a link back to the requesting page is maintained and can be manipulated by the target server.

Accounts with email set to "Do not show on profile" have addresses exposed in public atom feed

Several GitLab users reported that even with "Do not show on profile" configured for their email addresses those addresses were still being leaked in Atom feeds if they commented on a public project.

Discovery 2017-03-20
Entry 2017-05-18
Modified 2017-05-30
ge 8.7.0 le 8.15.7

ge 8.16.0 le 8.16.7

ge 8.17.0 le 8.17.3

65fab89f-2231-46db-8541-978f4e87f32a  gitlab -- Remote code execution on project import

GitLab developers report:

Today we are releasing versions 10.3.4, 10.2.6, and 10.1.6 for GitLab Community Edition (CE) and Enterprise Edition (EE).

These versions contain a number of important security fixes, including two that prevent remote code execution, and we strongly recommend that all GitLab installations be upgraded to one of these versions immediately.

Discovery 2018-01-16
Entry 2018-01-17
lt 10.1.6
6a177c87-9933-11e7-93f7-d43d7e971a1b  GitLab -- multiple vulnerabilities

GitLab reports:

Please reference CVE/URL list for details

Discovery 2017-09-07
Entry 2017-09-14
ge 1.0.0 le 9.3.10

ge 9.4.0 le 9.4.5

ge 9.5.0 le 9.5.3
85ebfa0c-5d8d-11e7-93f7-d43d7e971a1b  GitLab -- Various security issues

GitLab reports:

Please reference CVE/URL list for details

Discovery 2017-06-07
Entry 2017-06-30
ge 4.0.0 le 9.0.9

ge 9.1.0 le 9.1.6

ge 9.2.0 le 9.2.4
86291013-16e6-11e8-ae9f-d43d7e971a1b  GitLab -- multiple vulnerabilities

GitLab reports:

SnippetFinder information disclosure

The GitLab SnippetFinder component contained an information disclosure which allowed access to snippets restricted to Only team members or configured as disabled. The issue is now resolved in the latest version.

LDAP API authorization issue

An LDAP API endpoint contained an authorization vulnerability which unintentionally disclosed bulk LDAP groups data. This issue is now fixed in the latest release.

Persistent XSS mermaid markdown

The mermaid markdown feature contained a persistent XSS issue that is now resolved in the latest release.

Insecure direct object reference Todo API

The Todo API was vulnerable to an insecure direct object reference issue which resulted in an information disclosure of confidential data.

GitHub import access control issue

An improper access control weakness issue was discovered in the GitHub import feature. The issue allowed an attacker to create projects under other accounts which they shouldn't have access to. The issue is now resolved in the latest version.

Protected variables information disclosure

The CI jobs protected tag feature contained a vulnerability which resulted in an information disclosure of protected variables. The issue is now resolved in the latest release.

Discovery 2018-02-07
Entry 2018-02-21
ge 6.1.0 le 10.2.7

ge 10.3.0 le 10.3.6

ge 10.4.0 le 10.4.2
8fc615cc-8a66-11e8-8c75-d8cb8abf62dd  Gitlab -- Remote Code Execution Vulnerability in GitLab Projects Import

Gitlab reports:

Remote Code Execution Vulnerability in GitLab Projects Import

Discovery 2018-07-17
Entry 2018-07-18
ge 11.0.0 lt 11.0.4

ge 10.8.0 lt 10.8.6

ge 8.9.0 lt 10.7.7

92f4191a-6d25-11e7-93f7-d43d7e971a1b  GitLab -- Various security issues

GitLab reports:

Please reference CVE/URL list for details

Discovery 2017-07-20
Entry 2017-07-20
Modified 2017-08-15
ge 8.0.0 le 8.17.6

ge 9.0.0 le 9.0.10

ge 9.1.0 le 9.1.7

ge 9.2.0 le 9.2.7

ge 9.3.0 le 9.3.7
9557dc72-64da-11e8-bc32-d8cb8abf62dd  Gitlab -- multiple vulnerabilities

GitLab reports:

Removing public deploy keys regression

Users can update their password without entering current password

Persistent XSS - Selecting users as allowed merge request approvers

Persistent XSS - Multiple locations of user selection drop downs

include directive in .gitlab-ci.yml allows SSRF requests

Permissions issue in Merge Requests Create Service

Arbitrary assignment of project fields using "Import project"

Discovery 2018-05-29
Entry 2018-05-31
ge 10.8.0 lt 10.8.2

ge 10.7.0 lt 10.7.5

ge 1.0 lt 10.6.6
9704930c-3bb7-11e7-93f7-d43d7e971a1b  gitlab -- Various security issues

GitLab reports:

Please reference CVE/URL list for details

Discovery 2017-05-08
Entry 2017-05-18
Modified 2017-05-30
ge 6.6.0 le 8.17.5

ge 9.0.0 le 9.0.6

ge 9.1.0 le 9.1.2
9dfe61c8-4d15-11e8-8f2f-d8cb8abf62dd  Gitlab -- multiple vulnerabilities

GitLab reports:

Persistent XSS in Move Issue using project namespace

Download Archive allowing unauthorized private repo access

Mattermost Updates

Discovery 2018-04-30
Entry 2018-05-01
ge 10.7.0 lt 10.7.2

ge 10.6.0 lt 10.6.5

ge 9.5.0 lt 10.5.8

abcc5ad3-7e6a-11e7-93f7-d43d7e971a1b  GitLab -- two vulnerabilities

GitLab reports:

Remote Command Execution in git client

An external code review performed by Recurity-Labs identified a remote command execution vulnerability in git that could be exploited via the "Repo by URL" import option in GitLab. The command line git client was not properly escaping command line arguments in URLs using the SSH protocol before invoking the SSH client. A specially crafted URL could be used to execute arbitrary shell commands on the GitLab server.

To fully patch this vulnerability two fixes were needed. The Omnibus versions of GitLab contain a patched git client. For source users who may still be running an older version of git, GitLab now also blocks import URLs containing invalid host and usernames.

This issue has been assigned CVE-2017-12426.

Improper sanitization of GitLab export files on import

GitLab versions 8.13.3, 8.12.8, 8.11.10, 8.10.13, and 8.9.12 contained a patch for a critical directory traversal vulnerability in the GitLab export feature that could be exploited by including symlinks in the export file and then re-importing it to a GitLab instance. This vulnerability was patched by checking for and removing symlinks in these files on import.

Recurity-Labs also determined that this fix did not properly remove symlinks for hidden files. Though not as dangerous as the original vulnerability, hidden file symlinks could still be used to steal copies of git repositories belonging to other users if the path to the git repository was known by the attacker. An updated fix has been included in these releases that properly removes all symlinks.

This import option was not made available to non-admin users until GitLab 8.13.0.

Discovery 2017-08-10
Entry 2017-08-11
ge 7.9.0 le 8.17.8

ge 9.0.0 le 9.0.12

ge 9.1.0 le 9.1.9

ge 9.2.0 le 9.2.9

ge 9.3.0 le 9.3.9

ge 9.4.0 le 9.4.3
b950a83b-789e-11e8-8545-d8cb8abf62dd  Gitlab -- multiple vulnerabilities

Gitlab reports:

Wiki XSS

Sanitize gem updates

XSS in url_for(params)

Content injection via username

Activity feed publicly displaying internal project names

Persistent XSS in charts

Discovery 2018-06-25
Entry 2018-06-25
ge 11.0.0 lt 11.0.1

ge 10.8.0 lt 10.8.5

ge 4.1 lt 10.7.6

be72e773-1131-11e6-94fa-002590263bf5  gitlab -- privilege escalation via "impersonate" feature

GitLab reports:

During an internal code review, we discovered a critical security flaw in the "impersonate" feature of GitLab. Added in GitLab 8.2, this feature was intended to allow an administrator to simulate being logged in as any other user.

A part of this feature was not properly secured and it was possible for any authenticated user, administrator or not, to "log in" as any other user, including administrators. Please see the issue for more details.

Discovery 2016-05-02
Entry 2016-05-03
ge 8.2.0 lt 8.2.5

ge 8.3.0 lt 8.3.9

ge 8.4.0 lt 8.4.10

ge 8.5.0 lt 8.5.12

ge 8.6.0 lt 8.6.8

ge 8.7.0 lt 8.7.1

dc0c201c-31da-11e8-ac53-d8cb8abf62dd  Gitlab -- multiple vulnerabilities

GitLab reports:

SSRF in services and web hooks

There were multiple server-side request forgery issues in the Services feature. An attacker could make requests to servers within the same network of the GitLab instance. This could lead to information disclosure, authentication bypass, or potentially code execution. This issue has been assigned CVE-2018-8801.

Gitlab Auth0 integration issue

There was an issue with the GitLab omniauth-auth0 configuration which resulted in the Auth0 integration signing in the wrong users.

Discovery 2018-03-20
Entry 2018-03-27
Modified 2018-04-07
ge 10.5.0 lt 10.5.6

ge 10.4.0 lt 10.4.6

ge 8.3 lt 10.3.9

e72a8864-e0bc-11e7-b627-d43d7e971a1b  GitLab -- multiple vulnerabilities

GitLab reports:

User without access to private Wiki can see it on the project page

Matthias Burtscher reported that it was possible for a user to see a private Wiki on the project page without having the corresponding permission.

E-mail address disclosure through member search fields

Hugo Geoffroy reported via HackerOne that it was possible to find out the full e-mail address of any user by brute-forcing the member search field.

Groups API leaks private projects

An internal code review discovered that users were able to list private projects they had no access to by using the Groups API.

Cross-Site Scripting (XSS) possible by editing a comment

Sylvain Heiniger reported via HackerOne that it was possible for arbitrary JavaScript code to be executed when editing a comment.

Issue API allows any user to create a new issue even when issues are restricted or disabled

Mohammad Hasbini reported that any user could create a new issue in a project even when issues were disabled or restricted to team members in the project settings.

Discovery 2017-12-08
Entry 2017-12-14
ge 4.2.0 le 10.0.6

ge 10.1.0 le 10.1.4

ge 10.2.0 le 10.2.3