An information disclosure issue was discovered GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 in the security dashboard which could result in disclosure of vulnerability feedback information. Date published : 2020-01-27 https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ https://gitlab.com/gitlab-org/gitlab-ee/issues/9665
An privilege escalation issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 when Mattermost slash commands are used with a blocked account. Date published : 2020-01-27 https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ https://gitlab.com/gitlab-org/gitlab-ce/issues/57556
An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to disclose label names. Date published : 2020-01-27 https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ https://gitlab.com/gitlab-org/gitlab-ce/issues/59809
An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue ID. Date published : 2020-01-27 https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/...
A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized. Date published : 2020-01-27 https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ https://gitlab.com/gitlab-org/gitlab-ce/issues/63959
A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has changed. Date published : 2020-01-27 https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ https://gitlab.com/gitlab-org/gitlab-ce/issues/58312
An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in mediaType has...
An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in roleToAuthorize has...
An issue was discovered in WSO2 API Manager 2.6.0. A potential Stored Cross-Site Scripting (XSS) vulnerability has been identified in the ‘implement phase’ of the API Publisher. Date published : 2020-01-27 https://cybersecurityworks.com/zerodays/cve-2019-20441-wso2.html https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0647
An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the update API documentation feature of the API Publisher. Date published : 2020-01-27 https://cybersecurityworks.com/zerodays/cve-2019-20440-wso2.html...
An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in defining a scope in the "manage the API" page of the API Publisher. Date...
An issue was discovered in WSO2 API Manager 2.6.0. A potential stored Cross-Site Scripting (XSS) vulnerability has been identified in the inline API documentation editor page of the API Publisher. Date published : 2020-01-27...
An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. When a custom claim dialect with an XSS payload is configured in the identity...
An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. If there is a claim dialect configured with an XSS payload in the dialect...