FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Gitlab -- Vulnerabilities

Affected packages
17.0.0 <= gitlab-ce < 17.0.1
16.11.0 <= gitlab-ce < 16.11.3
11.11 <= gitlab-ce < 16.10.6
17.0.0 <= gitlab-ee < 17.0.1
16.11.0 <= gitlab-ee < 16.11.3
11.11 <= gitlab-ee < 16.10.6

Details

VuXML ID: f848ef90-1848-11ef-9850-001b217b3468
Discovery: 2024-05-22
Entry: 2024-05-22

Gitlab reports:

1-click account takeover via XSS in the code editor in gitlab.com

A DoS vulnerability in the 'description' field of the runner

CSRF via K8s cluster-integration

Using the Set Pipeline Status of a Commit API incorrectly creates a new pipeline when the SHA and pipeline_id do not match

ReDoS on wiki render API/Page

Resource exhaustion and denial of service with test_report API calls

Guest user can view dependency lists of private projects through job artifacts

Stored XSS via PDFjs

References

CVE Name: CVE-2023-6502
CVE Name: CVE-2023-7045
CVE Name: CVE-2024-1947
CVE Name: CVE-2024-2874
CVE Name: CVE-2024-4367
CVE Name: CVE-2024-4835
URL: https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/