GitLab security update, Knative upgrade to v0.5

GitLab has released Community and Enterprise Edition 11.11.1, 11.10.5 and 11.9.12. These versions include several important bug fixes, and GitLab officially recommends that users upgrade to one of them immediately. In the GitLab 11.11, 11.10 and 11.9 packages, Knative has been upgraded to version 0.5, which contains multiple security fixes.

Updates related to security vulnerabilities include:

  • A specially crafted payload allows an authenticated malicious user to execute remote commands through the repository download function: CVE-2019-12430
  • Non-member users can gain access to confidential issues by subscribing to issue notifications through the unsubscribe action on the issue's title page: CVE-2019-12432
  • Restricted users can access private milestone metadata through the Search API: CVE-2019-12431
  • A user can guess the URL of a private project from the slug URL of a targeted issue: CVE-2019-12434
  • Unprivileged users can access confidential issues through the milestone detail page by combining label, state and request count information: CVE-2019-12429
  • A user can send a specially crafted request to bypass the login restrictions enforced by a mandatory external authentication provider: CVE-2019-12428
  • Restricted visibility settings allow private groups to create internal projects, resulting in further permission problems: CVE-2019-12433
  • Multiple server functions perform inadequate validation, leading to server-side request forgery (SSRF) vulnerabilities: CVE-2019-12443
  • Wiki pages lack input validation, resulting in stored XSS: CVE-2019-12444
  • A malicious user can execute JavaScript code in comments by importing a specially crafted project file: CVE-2019-12445
  • When a repository import by URL fails, the error page displays the repository URL including its plaintext password: CVE-2019-12446
  • The protected branch feature contains an access control problem, allowing protected branch restriction rules to be bypassed: CVE-2019-12441
  • The epic details page lacks input validation and output encoding, resulting in a stored XSS vulnerability in sub-epics: CVE-2019-12442

Release Notes:

https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released

Source: www.oschina.net/news/107193/gitlab-11-11-1-n-11-10-5-n-11-9-12-released