FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

GitLab -- vulnerabilities

Affected packages
16.8.0 <= gitlab-ce < 16.8.1
16.7.0 <= gitlab-ce < 16.7.4
16.6.0 <= gitlab-ce < 16.6.6
12.7.0 <= gitlab-ce < 16.5.8

Details

VuXML ID 61fe903b-bc2e-11ee-b06e-001b217b3468
Discovery 2024-01-25
Entry 2024-01-26

GitLab reports:

Arbitrary file write while creating workspace

ReDoS in Cargo.toml blob viewer

Arbitrary API PUT requests via HTML injection in user's name

Disclosure of the public email in Tags RSS Feed

Non-Member can update MR Assignees of owned MRs

References

CVE Name CVE-2023-5612
CVE Name CVE-2023-5933
CVE Name CVE-2023-6159
CVE Name CVE-2024-0402
CVE Name CVE-2024-0456
URL https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/