FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Gitlab -- Vulnerabilities

Affected packages
17.2.0 <= gitlab-ce < 17.2.2
17.1.0 <= gitlab-ce < 17.1.4
12.0.0 <= gitlab-ce < 17.0.6
17.2.0 <= gitlab-ee < 17.2.2
17.1.0 <= gitlab-ee < 17.1.4
12.0.0 <= gitlab-ee < 17.0.6

Details

VuXML ID 729008b9-54bf-11ef-a61b-2cf05da270f3
Discovery 2024-08-07
Entry 2024-08-07

Gitlab reports:

Privilege Escalation via LFS Tokens Granting Unrestricted Repository Access

Cross project access of Security policy bot

Advanced search ReDOS in highlight for code results

Denial of Service via banzai pipeline

Denial of service using adoc files

ReDoS in RefMatcher when matching branch names using wildcards

Path encoding can cause the Web interface to not render diffs correctly

XSS while viewing raw XHTML files through API

Ambiguous tag name exploitation

Logs disclosing potentially sensitive data in query params

Password bypass on approvals using policy projects

ReDoS when parsing git push

Webhook deletion audit log can preserve auth credentials

References

CVE Name CVE-2024-2800
CVE Name CVE-2024-3035
CVE Name CVE-2024-3114
CVE Name CVE-2024-3958
CVE Name CVE-2024-4207
CVE Name CVE-2024-4210
CVE Name CVE-2024-4784
CVE Name CVE-2024-5423
CVE Name CVE-2024-6329
CVE Name CVE-2024-6356
CVE Name CVE-2024-7586
URL https://about.gitlab.com/releases/2024/08/07/patch-release-gitlab-17-2-2-released/