FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Gitlab -- vulnerabilities

Affected packages
16.11.0 <= gitlab-ce < 16.11.2
16.10.0 <= gitlab-ce < 16.10.5
10.6.0 <= gitlab-ce < 16.9.7
16.11.0 <= gitlab-ee < 16.11.2
16.10.0 <= gitlab-ee < 16.10.5
10.6.0 <= gitlab-ee < 16.9.7

Details

VuXML ID fbc2c629-0dc5-11ef-9850-001b217b3468
Discovery 2024-05-08
Entry 2024-05-09

Gitlab reports:

ReDoS in branch search when using wildcards

ReDoS in markdown render pipeline

Redos on Discord integrations

Redos on Google Chat Integration

Denial of Service Attack via Pin Menu

DoS by filtering tags and branches via the API

MR approval via CSRF in SAML SSO

Banned user from groups can read issues updates via the api

Require confirmation before linking JWT identity

View confidential issues title and description of any public project via export

SSRF via Github importer

References

CVE Name CVE-2023-6195
CVE Name CVE-2023-6682
CVE Name CVE-2023-6688
CVE Name CVE-2024-1211
CVE Name CVE-2024-1539
CVE Name CVE-2024-2454
CVE Name CVE-2024-2651
CVE Name CVE-2024-2878
CVE Name CVE-2024-3976
CVE Name CVE-2024-4539
CVE Name CVE-2024-4597
URL https://about.gitlab.com/releases/2024/05/08/patch-release-gitlab-16-11-2-released/