FreeBSD : gitlab -- Directory traversal via 'import/export' feature (10968dfd-a687-11e6-b2d3-60a44ce6887b)
Medium Nessus Plugin ID 94663
The remote FreeBSD host is missing one or more security-related updates.
GitLab reports : The import/export feature did not properly check for symbolic links in user-provided archives and therefore it was possible for an authenticated user to retrieve the contents of any file accessible to the GitLab service account. This included sensitive files such as those that contain secret tokens used by the GitLab service to authenticate users.