DSA-4145-1 gitlab -- gitlab
ID: oval:org.secpod.oval:def:53282 | Date: (C)2019-04-04 (M)2023-03-08 | Class: PATCH | Family: unix
Several vulnerabilities have been discovered in GitLab, a software platform to collaborate on code:

CVE-2017-0915 / CVE-2018-3710: Arbitrary code execution in project import.
CVE-2017-0916: Command injection via Webhooks.
CVE-2017-0917: Cross-site scripting in CI job output.
CVE-2017-0918: Insufficient restriction of CI runner for project cache access.
CVE-2017-0925: Information disclosure in Services API.
CVE-2017-0926: Restrictions for disabled OAuth providers could be bypassed.