FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  514534
Date:      2019-10-15
Time:      14:43:01Z
Committer: kai

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
b950a83b-789e-11e8-8545-d8cb8abf62ddGitlab -- multiple vulnerabilities

Gitlab reports:

Wiki XSS

Sanitize gem updates

XSS in url_for(params)

Content injection via username

Activity feed publicly displaying internal project names

Persistent XSS in charts


Discovery 2018-06-25
Entry 2018-06-25
gitlab
ge 11.0.0 lt 11.0.1

ge 10.8.0 lt 10.8.5

ge 4.1 lt 10.7.6

CVE-2018-12606
CVE-2018-3740
CVE-2018-12605
CVE-2018-12607
https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/
dc0c201c-31da-11e8-ac53-d8cb8abf62ddGitlab -- multiple vulnerabilities

GitLab reports:

SSRF in services and web hooks

There were multiple server-side request forgery issues in the Services feature. An attacker could make requests to servers within the same network of the GitLab instance. This could lead to information disclosure, authentication bypass, or potentially code execution. This issue has been assigned CVE-2018-8801.

Gitlab Auth0 integration issue

There was an issue with the GitLab omniauth-auth0 configuration which resulted in the Auth0 integration signing in the wrong users.


Discovery 2018-03-20
Entry 2018-03-27
Modified 2018-04-07
gitlab
ge 10.5.0 lt 10.5.6

ge 10.4.0 lt 10.4.6

ge 8.3 lt 10.3.9

CVE-2018-8801
https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/
085a087b-3897-11e8-ac53-d8cb8abf62ddGitlab -- multiple vulnerabilities

GitLab reports:

Confidential issue comments in Slack, Mattermost, and webhook integrations.

Persistent XSS in milestones data-milestone-id.

Persistent XSS in filename of merge request.


Discovery 2018-04-04
Entry 2018-04-05
gitlab
ge 10.6.0 lt 10.6.3

ge 10.5.0 lt 10.5.7

ge 8.6 lt 10.4.7

https://about.gitlab.com/2018/04/04/security-release-gitlab-10-dot-6-dot-3-released/
8fc615cc-8a66-11e8-8c75-d8cb8abf62ddGitlab -- Remote Code Execution Vulnerability in GitLab Projects Import

Gitlab reports:

Remote Code Execution Vulnerability in GitLab Projects Import


Discovery 2018-07-17
Entry 2018-07-18
gitlab-ce
gitlab
ge 11.0.0 lt 11.0.4

ge 10.8.0 lt 10.8.6

ge 8.9.0 lt 10.7.7

CVE-2018-14364
https://about.gitlab.com/2018/07/17/critical-security-release-gitlab-11-dot-0-dot-4-released/
9dfe61c8-4d15-11e8-8f2f-d8cb8abf62ddGitlab -- multiple vulnerabilities

GitLab reports:

Persistent XSS in Move Issue using project namespace

Download Archive allowing unauthorized private repo access

Mattermost Updates


Discovery 2018-04-30
Entry 2018-05-01
gitlab
ge 10.7.0 lt 10.7.2

ge 10.6.0 lt 10.6.5

ge 9.5.0 lt 10.5.8

CVE-2018-10379
https://about.gitlab.com/2018/04/30/security-release-gitlab-10-dot-7-dot-2-released
9557dc72-64da-11e8-bc32-d8cb8abf62ddGitlab -- multiple vulnerabilities

GitLab reports:

Removing public deploy keys regression

Users can update their password without entering current password

Persistent XSS - Selecting users as allowed merge request approvers

Persistent XSS - Multiple locations of user selection drop downs

include directive in .gitlab-ci.yml allows SSRF requests

Permissions issue in Merge Requests Create Service

Arbitrary assignment of project fields using "Import project"


Discovery 2018-05-29
Entry 2018-05-31
gitlab
ge 10.8.0 lt 10.8.2

ge 10.7.0 lt 10.7.5

ge 1.0 lt 10.6.6

https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/