FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

GitLab -- Vulnerabilities

Affected packages
17.2.0 <= gitlab-ce < 17.2.1
17.1.0 <= gitlab-ce < 17.1.3
12.0.0 <= gitlab-ce < 17.0.5
17.2.0 <= gitlab-ee < 17.2.1
17.1.0 <= gitlab-ee < 17.1.3
12.0.0 <= gitlab-ee < 17.0.5

Details

VuXML ID: 24c88add-4a3e-11ef-86d7-001b217b3468
Discovery: 2024-07-24
Entry: 2024-07-25

GitLab reports:

XSS via the Maven Dependency Proxy

Project level analytics settings leaked in DOM

Reports can access and download job artifacts despite use of settings to prevent it

Direct Transfer - Authorised project/group exports are accessible to other users

Bypassing tag check and branch check through imports

Project Import/Export - Make project/group export files hidden to everyone except user who initiated it

References

CVE Name: CVE-2024-0231
CVE Name: CVE-2024-5067
CVE Name: CVE-2024-7057
URL: https://about.gitlab.com/releases/2024/07/24/patch-release-gitlab-17-2-1-released/