Hello,

I scanned a gitlab-ce with the Greenbone Security Assistant, i.e. the OpenVAS 
scanner.
I got two vulnerabilities:

Missing Secure Attribute SSL Cookie Information Disclosure Vulnerability 
<https://gsm2.zih.tu-dresden.de/omp?cmd=get_result&result_id=68554194-33c3-4c27-acaa-c64fba55740e&apply_overrides=1&min_qod=&task_id=b1af2986-8b85-47ec-8588-fc0ed3aae7e2&name=Immediate%20scan%20of%20IP%20gitlab.tcs.inf.tu-dresden.de&report_id=879bc697-8777-4c17-ab2f-4a56490ed4a0&filter=sort-reverse%3Dseverity%20result_hosts_only%3D1%20min_cvss_base%3D%20min_qod%3D%20levels%3Dhmlg%20autofp%3D0%20notes%3D1%20overrides%3D1%20first%3D1%20rows%3D100%20delta_states%3Dgn&filt_id=&overrides=1&autofp=0&report_result_id=68554194-33c3-4c27-acaa-c64fba55740e&token=e884c8c2-142a-11e5-889a-0010f3287492>
Missing httpOnly Cookie Attribute 
<https://gsm2.zih.tu-dresden.de/omp?cmd=get_result&result_id=4ee2bc94-106f-4a4f-a375-48a7435f1616&apply_overrides=1&min_qod=&task_id=b1af2986-8b85-47ec-8588-fc0ed3aae7e2&name=Immediate%20scan%20of%20IP%20gitlab.tcs.inf.tu-dresden.de&report_id=879bc697-8777-4c17-ab2f-4a56490ed4a0&filter=sort-reverse%3Dseverity%20result_hosts_only%3D1%20min_cvss_base%3D%20min_qod%3D%20levels%3Dhmlg%20autofp%3D0%20notes%3D1%20overrides%3D1%20first%3D1%20rows%3D100%20delta_states%3Dgn&filt_id=&overrides=1&autofp=0&report_result_id=4ee2bc94-106f-4a4f-a375-48a7435f1616&token=e884c8c2-142a-11e5-889a-0010f3287492>

I searched for that, but it seems somebody has to change the code.
Or is there any other solution?

Thank you.
Petra
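
To confirm the two findings above independently of the scanner, here is an added example (not part of the original message and not GitLab or OpenVAS code) that audits `Set-Cookie` header values for the `Secure` and `HttpOnly` attributes. The cookie names and header lines are constructed samples; in practice the headers would be copied from the server's HTTPS response.

```python
from typing import Dict, List


def parse_set_cookie(header_value: str) -> Dict[str, object]:
    """Split one Set-Cookie value into the cookie name and its attribute names."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, _value = parts[0].partition("=")
    # Attribute names are case-insensitive (RFC 6265). Only segments after the
    # first ';' are attributes, so "secure" inside the cookie value is ignored.
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return {"name": name.strip(), "attrs": attrs}


def audit_cookies(set_cookie_headers: List[str], over_tls: bool = True) -> List[dict]:
    """Return one finding per cookie that lacks Secure and/or HttpOnly."""
    findings = []
    for raw in set_cookie_headers:
        cookie = parse_set_cookie(raw)
        missing = []
        # Secure only matters for cookies issued over HTTPS, which is the
        # case the scanner's "SSL cookie" finding describes.
        if over_tls and "secure" not in cookie["attrs"]:
            missing.append("Secure")
        if "httponly" not in cookie["attrs"]:
            missing.append("HttpOnly")
        if missing:
            findings.append({"cookie": cookie["name"], "missing": missing})
    return findings


# Constructed sample headers (hypothetical cookie names, not captured traffic).
SAMPLE_HEADERS = [
    "session_example=abc123; path=/",
    "session_example=abc123; path=/; HttpOnly",
    "session_example=abc123; Path=/; secure; httponly",
    "pref_example=secure-httponly; Path=/",
]

if __name__ == "__main__":
    for finding in audit_cookies(SAMPLE_HEADERS):
        print(f"{finding['cookie']}: missing {', '.join(finding['missing'])}")
```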
