GitLab has once again published security updates across all supported series, versions 12.1.2, 12.0.4 and 11.11.7, for both the Community Edition and the Enterprise Edition. These releases contain important security fixes, and every GitLab installation is strongly advised to update immediately, immediately, immediately!!! The issues affect GitLab CE/EE 10.6 and all later versions.
The vulnerabilities include:
- GitHub Integration SSRF
- Trigger Token Impersonation
- Build Status Disclosure
- SSRF Mitigation Bypass
- Information Disclosure New Issue ID
- IDOR Label Name Enumeration
- Persistent XSS Wiki Pages
- User Revocation Bypass with Mattermost Integration
- Arbitrary File Upload via Import Project Archive
- Information Disclosure Vulnerability Feedback
- Persistent XSS via Email
- Denial Of Service Epic Comments
- Email Verification Bypass
- Override Merge Request Approval Rules
For detailed descriptions of the vulnerabilities, see:
https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
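A quick inventory check against the fixed versions named above, as an added example that is not part of the original notice or of GitLab's own tooling. It assumes the three fixed releases are the only patched ones on their branches and that every release after 12.1 carries the fixes forward; the host names in the sample inventory are constructed.

```python
import re
from typing import Tuple

# Fixed releases named in the notice, keyed by release branch (major, minor).
FIXED = {
    (12, 1): (12, 1, 2),
    (12, 0): (12, 0, 4),
    (11, 11): (11, 11, 7),
}
# The notice states that the issues affect GitLab CE/EE 10.6 and later.
FIRST_AFFECTED = (10, 6, 0)


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn a GitLab version string such as '12.1.1-ee' into (12, 1, 1)."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised GitLab version: {version!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def assess(version: str) -> str:
    """Classify an installed version as 'unaffected', 'vulnerable' or 'patched'."""
    v = parse_version(version)
    if v < FIRST_AFFECTED:
        return "unaffected"
    branch = v[:2]
    if branch in FIXED:
        return "patched" if v >= FIXED[branch] else "vulnerable"
    if branch > (12, 1):
        # Assumption: releases after 12.1 carry these fixes forward.
        return "patched"
    # Every other branch from 10.6 up to 12.0 has no fixed release; upgrade it.
    return "vulnerable"


if __name__ == "__main__":
    # Constructed sample inventory; these are not real hosts.
    inventory = [("git-a", "12.1.1-ee"), ("git-b", "12.0.4"),
                 ("git-c", "11.10.8"), ("git-d", "10.5.9")]
    for host, ver in inventory:
        print(f"{host}: {ver} -> {assess(ver)}")
```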