FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Gitlab -- vulnerabilities

Affected packages
17.1.0 <= gitlab-ce < 17.1.2
17.0.0 <= gitlab-ce < 17.0.4
11.8.0 <= gitlab-ce < 16.11.6
17.1.0 <= gitlab-ee < 17.1.2
17.0.0 <= gitlab-ee < 17.0.4
11.8.0 <= gitlab-ee < 16.11.6

Details

VuXML ID acb4eab6-3f6d-11ef-8657-001b217b3468
Discovery 2024-07-10
Entry 2024-07-11

GitLab reports:

An attacker can run pipeline jobs as an arbitrary user

Developer user with admin_compliance_framework permission can change group URL

Admin push rules custom role allows creation of project level deploy token

Package registry vulnerable to manifest confusion

User with admin_group_member permission can ban group members

Subdomain takeover in GitLab Pages

References

CVE Name CVE-2024-2880
CVE Name CVE-2024-5257
CVE Name CVE-2024-5470
CVE Name CVE-2024-5528
CVE Name CVE-2024-6385
CVE Name CVE-2024-6595
URL https://about.gitlab.com/releases/2024/07/10/patch-release-gitlab-17-1-2-released/