漏洞信息
GitLab, the software, is a web-based Git repository manager with wiki and issue tracking features.
The GitLab update fixes the following vulnerabilities:
- Unauthorized access to project build traces.
- Cross-site scripting (XSS) vulnerability in Wiki pages.
- Unauthorized access to notes in confidential issues.
Affected Versions:
GitLab 8.8.0 through 8.8.4
GitLab 8.7.0 through 8.7.6
GitLab 8.6.0 through 8.6.8
GitLab 8.5.0 through 8.5.12
GitLab 8.4.0 through 8.4.10
GitLab 8.3.0 through 8.3.9
GitLab 8.2.0 through 8.2.5
漏洞危害
An attacker could exploit these vulnerabilities to obtain sensitive information or conduct cross-site scripting attacks.
解决方案
The vendor has released GitLab 8.8.5, 8.7.7, 8.6.9, 8.5.13, 8.4.11, 8.3.10 and 8.2.6 to fix these vulnerabilities.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论