皇上,还记得我吗?我就是1999年那个Linux伊甸园啊-----24小时滚动更新开源资讯,全年无休!

GitLab 又发布安全补丁 12.1.2,12.0.4和11.11.7,不更新不行!

GitLab 又发布了全系的安全更新补丁,版本是 12.1.2, 12.0.4 和 11.11.7,包括社区版和企业版。这些版本包含重要的安全更新,强烈建议所有 GitLab 安装立即更新,立即更新,立即更新!!! 这些安全问题影响 GitLab CE/EE 10.6 以及以后的版本。

漏洞包括:

  • GitHub Integration SSRF
  • Trigger Token Impersonation
  • Build Status Disclosure
  • SSRF Mitigation Bypass
  • Information Disclosure New Issue ID
  • IDOR Label Name Enumeration
  • Persistent XSS Wiki Pages
  • User Revokation Bypass with Mattermost Integration
  • Arbitrary File Upload via Import Project Archive
  • Information Disclosure Vulnerability Feedback
  • Persistent XSS via Email
  • Denial Of Service Epic Comments
  • Email Verification Bypass
  • Override Merge Request Approval Rules

关于漏洞详细的描述请看:

https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/

转自 https://www.oschina.net/news/108624/security-release-gitlab-12-dot-1-dot-2-released

分享到:更多 ()