FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-16 06:42:40 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
1fb13175-ed52-11ea-8b93-001b217b3468	Gitlab -- multiple vulnerabilities Gitlab reports: Vendor Cross-Account Assume-Role Attack Stored XSS on the Vulnerability Page Outdated Job Token Can Be Reused to Access Unauthorized Resources File Disclosure Via Workhorse File Upload Bypass Unauthorized Maintainer Can Edit Group Badge Denial of Service Within Wiki Functionality Sign-in Vulnerable to Brute-force Attacks Invalidated Session Allows Account Access With an Old Password GitLab Omniauth Endpoint Renders User Controlled Messages Blind SSRF Through Repository Mirroring Information Disclosure Through Incorrect Group Permission Verifications No Rate Limit on GitLab Webhook Feature GitLab Session Revocation Feature Does Not Invalidate All Sessions OAuth Authorization Scope for an External Application Can Be Changed Without User Consent Unauthorized Maintainer Can Delete Repository Improper Verification of Deploy-Key Leads to Access Restricted Repository Disabled Repository Still Accessible With a Deploy-Token Duplicated Secret Code Generated by 2 Factor Authentication Mechanism Lack of Validation Within Project Invitation Flow Current Sessions Not Invalidated Upon Enabling 2 Factor Authentication Users Without 2 Factor Authentication Can Be Blocked Accessing GitLab Lack of Upper Bound Check Leading to Possible Denial of Service 2 Factor Authentication for Groups Was Not Enforced Within API Endpoint GitLab Runner Denial of Service via CI Jobs Update jQuery Dependency Discovery 2020-09-02 Entry 2020-09-02 gitlab-ce ge 13.3.0 lt 13.3.4 ge 13.2.0 lt 13.2.8 ge 0 lt 13.1.10 https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13318 CVE-2020-13301 CVE-2020-13284 CVE-2020-13298 CVE-2020-13313 CVE-2020-13311 CVE-2020-13289 CVE-2020-13302 CVE-2020-13314 CVE-2020-13309 CVE-2020-13287 CVE-2020-13306 CVE-2020-13299 CVE-2020-13300 CVE-2020-13317 CVE-2020-13303 CVE-2020-13316 CVE-2020-13304 CVE-2020-13305 CVE-2020-13307 CVE-2020-13308 CVE-2020-13315 CVE-2020-13297 CVE-2020-13310 CVE-2020-11022

VuXML ID

Description

1fb13175-ed52-11ea-8b93-001b217b3468

Gitlab -- multiple vulnerabilities

Gitlab reports:

Vendor Cross-Account Assume-Role Attack

Stored XSS on the Vulnerability Page

Outdated Job Token Can Be Reused to Access Unauthorized Resources

File Disclosure Via Workhorse File Upload Bypass

Unauthorized Maintainer Can Edit Group Badge

Denial of Service Within Wiki Functionality

Sign-in Vulnerable to Brute-force Attacks

Invalidated Session Allows Account Access With an Old Password

GitLab Omniauth Endpoint Renders User Controlled Messages

Blind SSRF Through Repository Mirroring

Information Disclosure Through Incorrect Group Permission Verifications

No Rate Limit on GitLab Webhook Feature

GitLab Session Revocation Feature Does Not Invalidate All Sessions

OAuth Authorization Scope for an External Application Can Be Changed Without User Consent

Unauthorized Maintainer Can Delete Repository

Improper Verification of Deploy-Key Leads to Access Restricted Repository

Disabled Repository Still Accessible With a Deploy-Token

Duplicated Secret Code Generated by 2 Factor Authentication Mechanism

Lack of Validation Within Project Invitation Flow

Current Sessions Not Invalidated Upon Enabling 2 Factor Authentication

Users Without 2 Factor Authentication Can Be Blocked Accessing GitLab

Lack of Upper Bound Check Leading to Possible Denial of Service

2 Factor Authentication for Groups Was Not Enforced Within API Endpoint

GitLab Runner Denial of Service via CI Jobs

Update jQuery Dependency

Discovery 2020-09-02
Entry 2020-09-02
gitlab-ce

ge 13.3.0 lt 13.3.4

ge 13.2.0 lt 13.2.8

ge 0 lt 13.1.10

https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
CVE-2020-13318
CVE-2020-13301
CVE-2020-13284
CVE-2020-13298
CVE-2020-13313
CVE-2020-13311
CVE-2020-13289
CVE-2020-13302
CVE-2020-13314
CVE-2020-13309
CVE-2020-13287
CVE-2020-13306
CVE-2020-13299
CVE-2020-13300
CVE-2020-13317
CVE-2020-13303
CVE-2020-13316
CVE-2020-13304
CVE-2020-13305
CVE-2020-13307
CVE-2020-13308
CVE-2020-13315
CVE-2020-13297
CVE-2020-13310
CVE-2020-11022