Arch Linux Security Advisory ASA-201807-1
=========================================

Severity: Medium
Date    : 2018-07-04
CVE-ID  : CVE-2018-3740 CVE-2018-12606 CVE-2018-12607
Package : gitlab
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-726

Summary
=======

The package gitlab before version 11.0.1-1 is vulnerable to multiple issues
including cross-site scripting and insufficient validation.

Resolution
==========

Upgrade to 11.0.1-1.

# pacman -Syu "gitlab>=11.0.1-1"

The problems have been fixed upstream in version 11.0.1.

Workaround
==========

None.

Description
===========

- CVE-2018-3740 (insufficient validation)

A specially crafted HTML fragment can cause the Sanitize gem for Ruby to allow
non-whitelisted attributes to be used on a whitelisted HTML element.

- CVE-2018-12606 (cross-site scripting)

The wiki contains a persistent XSS issue due to a lack of output encoding
affecting a specific markdown feature.

- CVE-2018-12607 (cross-site scripting)

The charts feature contained a persistent XSS issue due to a lack of output
encoding.

Impact
======

An attacker is able to use a GitLab server to execute malicious JavaScript code
on its users via a crafted HTML chart or specific markdown features.

References
==========

https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/
https://security.archlinux.org/CVE-2018-3740
https://security.archlinux.org/CVE-2018-12606
https://security.archlinux.org/CVE-2018-12607
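The CVE-2018-3740 entry above describes a sanitizer letting non-whitelisted attributes through on a whitelisted element. The following defence-in-depth check, added here as an example and not code from Arch, GitLab or the Sanitize gem, re-verifies sanitizer output against a per-element attribute allowlist so such a bypass is caught before the fragment is rendered; the allowlist and the sample fragments are constructed for this example.

```ruby
# Added example: post-sanitization allowlist audit for the CVE-2018-3740
# failure mode. Input is assumed to be sanitizer output (normalised tags,
# quoted values), so a simple tag/attribute scanner is enough here.
# ALLOWLIST and the sample fragments are constructed for this example.

ALLOWLIST = {
  "a"    => %w[href title],
  "img"  => %w[src alt],
  "span" => %w[class],
  "p"    => [],
}.freeze

# Matches an opening tag: group 1 is the element name, group 2 its attributes.
TAG_RE  = /<([a-zA-Z][a-zA-Z0-9]*)((?:\s+[^\s"'<>\/=]+(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'<>`]+))?)*)\s*\/?>/
# Matches one attribute name (with its optional value) inside group 2.
ATTR_RE = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'<>`]+))?/

# Returns every violation found: "element" when the element itself is not
# permitted, "element@attribute" when an attribute is not permitted on it.
def allowlist_violations(html, allowlist = ALLOWLIST)
  violations = []
  html.scan(TAG_RE) do |name, attrs|
    element = name.downcase
    unless allowlist.key?(element)
      violations << element
      next
    end
    attrs.scan(ATTR_RE).flatten.each do |attr|
      attr = attr.downcase
      violations << "#{element}@#{attr}" unless allowlist[element].include?(attr)
    end
  end
  violations
end

# True only when no element or attribute falls outside the allowlist.
def safe_fragment?(html, allowlist = ALLOWLIST)
  allowlist_violations(html, allowlist).empty?
end

# Constructed samples: one fully allowlisted, one carrying extra attributes.
SAFE_FRAGMENT   = '<p>Hello <a href="https://example.invalid" title="t">link</a> <img src="x.png" alt="x"></p>'
UNSAFE_FRAGMENT = '<p><a href="/wiki" target="_blank">x</a> <span style="color:red" class="c">y</span></p>'

if __FILE__ == $PROGRAM_NAME
  puts "safe:   #{allowlist_violations(SAFE_FRAGMENT).inspect}"
  puts "unsafe: #{allowlist_violations(UNSAFE_FRAGMENT).inspect}"
end
```

In a rendering pipeline this would run on the sanitizer's output and refuse (or log and strip) any fragment with a non-empty violation list, so a sanitizer defect surfaces as a detectable event rather than reaching the browser.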