Douglas Barbosa Alexandre

Name of the Vulnerable Software and Affected Versions: GitLab Community and Enterprise Edition versions 11.7.8 and earlier, 11.8.x before 11.8.4, and 11.9.x before 11.9.2 GitLab Community and Enterprise Edition versions 11.7.10 and earlier, 11.8.x before 11.8.6, and 11.9.x before 11.9.4 Description: The issue concerns the insecure derivation of the HMAC key construction in GitLab. Recommendations: For versions 11.7.8 and earlier, 11.8.x before 11.8.4, and 11.9.x before 11.9.2, update to version 11.7.8, 11.8.4, or 11.9.2, respectively. For versions 11.7.10 and earlier, 11.8.x before 11.8.6, and 11.9.x before 11.9.4, update to version 11.7.10, 11.8.6, or 11.9.4, respectively.

Name of the Vulnerable Software and Affected Versions: GitLab Community and Enterprise Edition versions 11.7.8 and earlier GitLab Community and Enterprise Edition versions 11.8.x before 11.8.4 GitLab Community and Enterprise Edition versions 11.9.x before 11.9.2 Description: An Information Exposure issue was discovered in GitLab during the OAuth authentication process. The application attempts to validate a parameter in an insecure way, potentially exposing data. Recommendations: For GitLab Community and Enterprise Edition versions 11.7.8 and earlier, update to version 11.7.8 or later. For GitLab Community and Enterprise Edition versions 11.8.x before 11.8.4, update to version 11.8.4 or later. For GitLab Community and Enterprise Edition versions 11.9.x before 11.9.2, update to version 11.9.2 or later.

Name of the Vulnerable Software and Affected Versions: GitLab Community and Enterprise Edition versions prior to 11.7.8 GitLab Community and Enterprise Edition versions 11.8.x prior to 11.8.4 GitLab Community and Enterprise Edition versions 11.9.x prior to 11.9.2 Description: An Open Redirect issue was discovered in GitLab. The issue is triggered after successful authentication within the Oauth/:GeoAuthController for the secondary Geo node. Recommendations: For versions prior to 11.7.8, update to version 11.7.8 or later. For versions 11.8.x prior to 11.8.4, update to version 11.8.4 or later. For versions 11.9.x prior to 11.9.2, update to version 11.9.2 or later.