FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

GitLab -- vulnerabilities

Affected packages
17.4.0 <= gitlab-ce < 17.4.2
17.3.0 <= gitlab-ce < 17.3.5
8.16 <= gitlab-ce < 17.2.9
17.4.0 <= gitlab-ee < 17.4.2
17.3.0 <= gitlab-ee < 17.3.5
8.16 <= gitlab-ee < 17.2.9

Details

VuXML ID cc1ac01e-86b0-11ef-9369-2cf05da270f3
Discovery 2024-10-09
Entry 2024-10-10

GitLab reports:

Run pipelines on arbitrary branches

An attacker can impersonate arbitrary user

SSRF in Analytics Dashboard

Viewing diffs of MR with conflicts can be slow

HTMLi in OAuth page

Deploy Keys can push changes to an archived repository

Guests can disclose project templates

GitLab instance version disclosed to unauthorized users

References

CVE Name CVE-2024-5005
CVE Name CVE-2024-6530
CVE Name CVE-2024-8970
CVE Name CVE-2024-8977
CVE Name CVE-2024-9164
CVE Name CVE-2024-9596
CVE Name CVE-2024-9623
CVE Name CVE-2024-9631
URL https://about.gitlab.com/releases/2024/10/09/patch-release-gitlab-17-4-2-released/