Source: gitlab
Version: 11.5.10+dfsg-1
Severity: grave
Tags: security upstream
Justification: user security hole
Control: found -1 11.8.0-1

Hi,

The following vulnerabilities were published for gitlab, filing for tracking purposes.

CVE-2019-9170[0]: IDOR milestone name information disclosure
CVE-2019-9171[1]: Milestone name disclosure
CVE-2019-9172[2]: Merge request information disclosure
CVE-2019-9174[3]: Blind SSRF in prometheus integration
CVE-2019-9175[4]: Burndown chart information disclosure
CVE-2019-9176[5]: CSRF add Kubernetes cluster integration
CVE-2019-9178[6]: Private merge request titles in public project information disclosure
CVE-2019-9179[7]: Private namespace disclosure in email notification when issue is moved
CVE-2019-9217[8]: NPM automatic package referencer
CVE-2019-9219[9]: Issue board name disclosure
CVE-2019-9220[10]: Issue DoS via Mermaid
CVE-2019-9221[11]: Arbitrary file read via MergeRequestDiff
CVE-2019-9222[12]: Path traversal snippet mover
CVE-2019-9223[13]: Information disclosure repo existence
CVE-2019-9224[14]: Milestone name disclosure
CVE-2019-9225[15]: Issue board name disclosure
CVE-2019-9485[16]: Privilege escalation impersonate user

If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-9170
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9170
[1] https://security-tracker.debian.org/tracker/CVE-2019-9171
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9171
[2] https://security-tracker.debian.org/tracker/CVE-2019-9172
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9172
[3] https://security-tracker.debian.org/tracker/CVE-2019-9174
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9174
[4] https://security-tracker.debian.org/tracker/CVE-2019-9175
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9175
[5] https://security-tracker.debian.org/tracker/CVE-2019-9176
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9176
[6] https://security-tracker.debian.org/tracker/CVE-2019-9178
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9178
[7] https://security-tracker.debian.org/tracker/CVE-2019-9179
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9179
[8] https://security-tracker.debian.org/tracker/CVE-2019-9217
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9217
[9] https://security-tracker.debian.org/tracker/CVE-2019-9219
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9219
[10] https://security-tracker.debian.org/tracker/CVE-2019-9220
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9220
[11] https://security-tracker.debian.org/tracker/CVE-2019-9221
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9221
[12] https://security-tracker.debian.org/tracker/CVE-2019-9222
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9222
[13] https://security-tracker.debian.org/tracker/CVE-2019-9223
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9223
[14] https://security-tracker.debian.org/tracker/CVE-2019-9224
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9224
[15] https://security-tracker.debian.org/tracker/CVE-2019-9225
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9225
[16] https://security-tracker.debian.org/tracker/CVE-2019-9485
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9485

Regards,
Salvatore