FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Gitlab -- Vulnerabilities

Affected packages
17.1.0 <= gitlab-ce < 17.1.1
17.0.0 <= gitlab-ce < 17.0.3
1.0.0 <= gitlab-ce < 16.11.5
17.1.0 <= gitlab-ee < 17.1.1
17.0.0 <= gitlab-ee < 17.0.3
1.0.0 <= gitlab-ee < 16.11.5

Details

VuXML ID 589de937-343f-11ef-8a7b-001b217b3468
Discovery 2024-06-26
Entry 2024-06-27

Gitlab reports:

Run pipelines as any user

Stored XSS injected in imported project's commit notes

CSRF on GraphQL API IntrospectionQuery

Remove search results from public projects with unauthorized repos

Cross window forgery in user application OAuth flow

Project maintainers can bypass group's merge request approval policy

ReDoS via custom built markdown page

Private job artifacts can be accessed by any user

Security fixes for banzai pipeline

ReDoS in dependency linker

Denial of service using a crafted OpenAPI file

Merge request title disclosure

Access issues and epics without having an SSO session

Non project member can promote key results to objectives

[source]

References

CVE Name CVE-2024-1493
CVE Name CVE-2024-1816
CVE Name CVE-2024-2177
CVE Name CVE-2024-2191
CVE Name CVE-2024-3115
CVE Name CVE-2024-3959
CVE Name CVE-2024-4011
CVE Name CVE-2024-4025
CVE Name CVE-2024-4557
CVE Name CVE-2024-4901
CVE Name CVE-2024-4994
CVE Name CVE-2024-5430
CVE Name CVE-2024-5655
CVE Name CVE-2024-6323
URL https://about.gitlab.com/releases/2024/06/26/patch-release-gitlab-17-1-1-released/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.