FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Gitlab -- Vulnerabilities

Affected packages
17.6.0 <= gitlab-ce < 17.6.2
17.5.0 <= gitlab-ce < 17.5.4
9.4.0 <= gitlab-ce < 17.4.6
17.6.0 <= gitlab-ee < 17.6.2
17.5.0 <= gitlab-ee < 17.5.4
9.4.0 <= gitlab-ee < 17.4.6

Details

VuXML ID 275ac414-b847-11ef-9877-2cf05da270f3
Discovery 2024-12-11
Entry 2024-12-12

Gitlab reports:

Injection of Network Error Logging (NEL) headers in kubernetes proxy response could lead to ATO abusing OAuth flows

Denial of Service by repeatedly sending unauthenticated requests for diff-files

CI_JOB_TOKEN could be used to obtain GitLab session

Open redirect in releases API

Client-Side Path Traversal in Harbor artifact links

HTML injection in vulnerability details could lead to Cross Site Scripting

Leak branch names of projects with confidential repository

Non-member can view unresolved threads marked as internal notes

Uncontrolled Resource Consumption through a maliciously crafted file

Certain sensitive information passed as literals inside GraphQL mutations retained in GraphQL logs

Information disclosure of confidential incidents details to a group member in Gitlab Wiki

Domain Confusion in GitLab Pages Unique Domain Implementation

References

CVE Name CVE-2024-10043
CVE Name CVE-2024-11274
CVE Name CVE-2024-12292
CVE Name CVE-2024-8116
CVE Name CVE-2024-8179
CVE Name CVE-2024-8233
CVE Name CVE-2024-8647
CVE Name CVE-2024-8650
CVE Name CVE-2024-9367
CVE Name CVE-2024-9387
URL https://about.gitlab.com/releases/2024/12/11/patch-release-gitlab-17-6-2-released/