GitLab Security Release: 13.2.3, 13.1.6 and 13.0.12
GitLab announces a security release for versions 13.2.3, 13.1.6, and 13.0.12.
GitLab has released versions 13.2.3, 13.1.6, and 13.0.12 for GitLab Community Edition (CE) and Enterprise Edition (EE).
The releases contain important security fixes:
- Arbitrary File Read when Moving an Issue
- Memory Exhaustion via Excessive Logging of Invite Email Error
- Denial of Service Through Project Import Feature
- User Controlled Git Configuration Settings Resulting in SSRF
- Stored XSS in Issue Reference Number Tooltip
- Stored XSS in Issues List via Milestone Title
- Improper Access Control After Group Transfer
- Bypass Email Verification Required for OAuth Flow
- Confusion When Using Hexadecimal Branch Names
- Insufficient OAuth Revocation
- Improper Access Control for Project Sharing
- Stored XSS in Jobs Page