
GitLab releases security patches 12.1.2, 12.0.4 and 11.11.7 again: you cannot afford not to update!

admin @ 2019-07-30

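GitLab has once again released security update patches across its whole product line. The versions are 12.1.2, 12.0.4 and 11.11.7, covering both the Community Edition and the Enterprise Edition. These versions contain important security updates, and all GitLab installations are strongly advised to update immediately, update immediately, update immediately!!! These security issues affect GitLab CE/EE 10.6 and later versions.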

The vulnerabilities include:

  • GitHub Integration SSRF
  • Trigger Token Impersonation
  • Build Status Disclosure
  • SSRF Mitigation Bypass
  • Information Disclosure New Issue ID
  • IDOR Label Name Enumeration  
  • Persistent XSS Wiki Pages   
  • User Revokation Bypass with Mattermost Integration    
  • Arbitrary File Upload via Import Project Archive    
  • Information Disclosure Vulnerability Feedback  
  • Persistent XSS via Email    
  • Denial Of Service Epic Comments   
  • Email Verification Bypass    
  • Override Merge Request Approval Rules

For detailed descriptions of the vulnerabilities, see:

https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/



Source: OsChina
Link: https://www.oschina.net/news/108624/security-release-gitlab-12-dot-1-dot-2-released