GitLab Critical Security Release: 11.3.4, 11.2.5, and 11.1.8

GitLab is open-source software that can be installed into … CVE-2018-17939.

Versions affected

Affects GitLab CE/EE 11.3, 11.2, and 11.1.

Remediation

We strongly recommend that all installations running an affected version above be upgraded to the latest version as soon as possible.

Private project namespace information disclosure

The epic feature is leaking private project namespaces if someone adds a related issue to the epic. The issue is now mitigated in the latest release and is assigned CVE-2018-17976.

Thanks to @ngalog for responsibly reporting this vulnerability to us.

Versions affected

Affects GitLab CE/EE 10.2 – 11.3.

Remediation

We strongly recommend that all installations running an affected version above be upgraded to the latest version as soon as possible.

GitLab Flavored Markdown API information disclosure

The GFM API is missing an authorization control which results in leaking confidential issue titles and private snippet titles. The issue is now mitigated in the latest release and is assigned CVE-2018-17975.

Thanks to @jobert for responsibly reporting this vulnerability to us.

Versions affected

Affects GitLab CE 11.0 – 11.3.

Remediation

We strongly recommend that all installations running an affected version above be upgraded to the latest version as soon as possible.

Updating

To update, check out our update page.
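
The following is an added example, not part of GitLab's advisory or tooling: a Python check that maps an installed version string to the CVEs and affected ranges listed above and to the fixed patch releases named in the title. The function names are hypothetical, and it assumes that a version string without a suffix is Community Edition and that the first "Versions affected" block belongs to CVE-2018-17939.

```python
import re

# Fixed patch release per branch, taken from the advisory title.
FIXED = {(11, 3): 4, (11, 2): 5, (11, 1): 8}

# (CVE, editions, first affected branch, last affected branch) as listed on this page.
ADVISORIES = [
    # Assumption: the first "Versions affected" block belongs to CVE-2018-17939.
    ("CVE-2018-17939", {"ce", "ee"}, (11, 1), (11, 3)),
    ("CVE-2018-17976", {"ce", "ee"}, (10, 2), (11, 3)),  # epic namespace disclosure
    ("CVE-2018-17975", {"ce"}, (11, 0), (11, 3)),        # GFM API disclosure
]

def parse_version(text):
    """Parse '11.2.3' or '11.2.3-ee' into ((major, minor, patch), edition)."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)\.(\d+)(?:-(ce|ee))?\s*", text, re.I)
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    # Assumption: a version string without a suffix is Community Edition.
    edition = (m.group(4) or "ce").lower()
    return tuple(int(g) for g in m.group(1, 2, 3)), edition

def assess(text):
    """Return (applicable CVE ids, remediation advice) for one installed version."""
    (major, minor, patch), edition = parse_version(text)
    branch = (major, minor)
    fixed_patch = FIXED.get(branch)
    if fixed_patch is not None and patch >= fixed_patch:
        return [], "at or above the fixed patch release for this branch"
    hits = [cve for cve, editions, lo, hi in ADVISORIES
            if edition in editions and lo <= branch <= hi]
    if not hits:
        return [], "outside the affected ranges listed in this advisory"
    if fixed_patch is not None:
        return hits, f"upgrade to {major}.{minor}.{fixed_patch} or later"
    # Branches 10.2 to 11.0 have no patch release named in the advisory title.
    return hits, "upgrade to 11.1.8, 11.2.5, 11.3.4 or later"

if __name__ == "__main__":
    # Constructed sample inventory, not data from the advisory.
    for installed in ["11.2.4-ee", "11.3.4", "11.0.3", "10.5.0-ee", "11.4.0"]:
        cves, advice = assess(installed)
        print(f"{installed:10} {', '.join(cves) or 'none':48} {advice}")
```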
