FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

GitLab -- vulnerabilities

Affected packages
17.3.0 <= gitlab-ce < 17.3.1
17.2.0 <= gitlab-ce < 17.2.4
8.2.0 <= gitlab-ce < 17.1.6
17.3.0 <= gitlab-ee < 17.3.1
17.2.0 <= gitlab-ee < 17.2.4
8.2.0 <= gitlab-ee < 17.1.6

Details

VuXML ID 49ef501c-62b6-11ef-bba5-2cf05da270f3
Discovery 2024-08-21
Entry 2024-08-25

GitLab reports:

The GitLab Web Interface Does Not Guarantee Information Integrity When Downloading Source Code from Releases

Denial of Service by importing maliciously crafted GitHub repository

Prompt injection in "Resolve Vulnerability" results in arbitrary command execution in victim's pipeline

An unauthorized user can perform certain actions through GraphQL after a group owner enables IP restrictions

References

CVE Name CVE-2024-3127
CVE Name CVE-2024-6502
CVE Name CVE-2024-7110
CVE Name CVE-2024-8041
URL https://about.gitlab.com/releases/2024/08/21/patch-release-gitlab-17-3-1-released/