AVG-726

Package gitlab
Status Fixed
Severity Medium
Type multiple issues
Affected 11.0.0-1
Fixed 11.0.1-1
Current 11.8.2-1 [community]
Ticket None
Created Wed Jun 27 07:52:29 2018
Issue CVE-2018-3740
Severity Medium
Remote Yes
Type Insufficient validation
Description A specially crafted HTML fragment can cause the Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.

Issue CVE-2018-12607
Severity Medium
Remote Yes
Type Cross-site scripting
Description The charts feature contained a persistent XSS issue due to a lack of output encoding.

Issue CVE-2018-12606
Severity Medium
Remote Yes
Type Cross-site scripting
Description The wiki contained a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature.
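Both XSS entries name the same root cause, a lack of output encoding, so one added example serves both. The Ruby below is written for this page and is not GitLab's code or the Sanitize gem's: it renders a user-controlled chart label into an HTML template with and without encoding, and a small tag-scanning check shows whether input became markup. The label text, the function names and the check are constructed for the illustration; the example does not reproduce the Sanitize bypass in CVE-2018-3740, which is a sanitizer parsing defect rather than a missing encode step.

```ruby
require 'cgi'

# Constructed sample input: a user-supplied chart label carrying markup.
# (Example data for this page, not a payload from the advisory.)
USER_LABEL = 'Deploys <img src=x onerror="alert(1)">'

# Vulnerable pattern: the label is interpolated into the HTML template as-is,
# so any markup it carries is emitted as markup and, once stored, served to
# every viewer (the persistent XSS class CVE-2018-12607 describes).
def render_chart_label_unsafe(label)
  %(<span class="chart-label">#{label}</span>)
end

# Hardened: encode for the HTML text context before interpolating.
# CGI.escapeHTML turns & < > " ' into entities, so the browser displays the
# text instead of parsing it.
def render_chart_label_safe(label)
  %(<span class="chart-label">#{CGI.escapeHTML(label)}</span>)
end

# Attribute context: the same encoding also neutralises the quote a value
# would need to close the attribute and start a new one.
def render_chart_title_attr(title)
  %(<div class="chart" title="#{CGI.escapeHTML(title)}"></div>)
end

# Check used by the demo below: list every tag name in a rendered fragment
# and report those the template itself did not contribute. A non-empty
# result means user input was emitted as markup.
def unexpected_tags(html, template_tags)
  html.scan(%r{</?([A-Za-z][A-Za-z0-9]*)}).flatten.map(&:downcase).uniq - template_tags
end

if __FILE__ == $PROGRAM_NAME
  unsafe = render_chart_label_unsafe(USER_LABEL)
  safe   = render_chart_label_safe(USER_LABEL)
  puts unsafe
  puts "unexpected tags: #{unexpected_tags(unsafe, ['span']).inspect}"
  puts safe
  puts "unexpected tags: #{unexpected_tags(safe, ['span']).inspect}"
  puts render_chart_title_attr('Latency" onmouseover="alert(1)')
end
```

The check scans only for tag names, which is enough to show the difference here; it is a demonstration aid, not a substitute for encoding at every interpolation point, and encoding must match the context (text, attribute, URL, script) where the value lands.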
Date 04 Jul 2018
Advisory ASA-201807-1
Package gitlab
Description multiple issues
References
https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/