FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

GitLab -- vulnerabilities

Affected packages
17.4.0 <= gitlab-ce < 17.4.1
17.3.0 <= gitlab-ce < 17.3.4
15.6.0 <= gitlab-ce < 17.2.8
17.4.0 <= gitlab-ee < 17.4.1
17.3.0 <= gitlab-ee < 17.3.4
15.6.0 <= gitlab-ee < 17.2.8

Details

VuXML ID 4b7ed61f-7bbf-11ef-9369-2cf05da270f3
Discovery 2024-09-25
Entry 2024-09-26

GitLab reports:

Maintainer can leak Dependency Proxy password by changing Dependency Proxy URL via crafted POST request

AI feature reads unsanitized content, allowing for attacker to hide prompt injection

Project reference can be exposed in system notes

References

CVE Name CVE-2024-4099
CVE Name CVE-2024-4278
CVE Name CVE-2024-8974
URL https://about.gitlab.com/releases/2024/09/25/patch-release-gitlab-17-4-1-released/