Although the new version is publicly available now, the vulnerability details will not be made public on the GitLab issue tracker for approximately 30 days. The information disclosed to date is as follows:
- Project Runner Token Exposed Through Issues Quick Actions. GitLab issues quick actions were vulnerable to an information disclosure issue that disclosed project runner tokens to unauthorized users. The issue is now mitigated in the latest release and is assigned CVE-2019-9866.

More information about this issue can be found in the official blog post.
Bitnami has released a new version of Bitnami GitLab 11.8.3 for both virtual machines and cloud images that fixes this vulnerability.
Do you have questions about Bitnami GitLab or this security issue? Please post them to our community forum. We will be happy to help you.