FreeBSD : Gitlab -- Multiple vulnerabilities (da459dbc-5586-11e9-abd6-001b217b3468)
Medium Nessus Plugin ID 123645
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionGitlab reports :
DoS potential for regex in CI/CD refs
Related branches visible in issues for guests
Persistent XSS at merge request resolve conflicts
Improper authorization control 'move issue'
Guest users of private projects have access to releases
DoS potential on project languages page
Recurity assessment: information exposure through timing discrepancy
Recurity assessment: loginState HMAC issues
Recurity assessment: open redirect
PDF.js vulnerable to CVE-2018-5158
IDOR labels of private projects/groups
EXIF geolocation data not stripped from uploaded images
SolutionUpdate the affected packages.