FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Gitlab -- Vulnerabilities

Affected packages
16.6.0 <= gitlab-ce < 16.6.1
16.5.0 <= gitlab-ce < 16.5.3
8.13.0 <= gitlab-ce < 16.4.3


VuXML ID 3b14b2b4-9014-11ee-98b3-001b217b3468
Discovery 2023-11-30
Entry 2023-12-01

Gitlab reports:

XSS and ReDoS in Markdown via Banzai pipeline of Jira

Members with admin_group_member custom permission can add members with higher role

Release Description visible in public projects despite release set as project members only through atom response

Manipulate the repository content in the UI (CVE-2023-3401 bypass)

External user can abuse policy bot to gain access to internal projects

Client-side DOS via Mermaid Flowchart

Developers can update pipeline schedules to use protected branches even if they don't have permission to merge

Users can install Composer packages from public projects even when Package registry is turned off

Unauthorized member can gain Allowed to push and merge access and affect integrity of protected branches

Guest users can react (emojis) on confidential work items which they cant see in a project


CVE Name CVE-2023-3443
CVE Name CVE-2023-3949
CVE Name CVE-2023-3964
CVE Name CVE-2023-4317
CVE Name CVE-2023-4658
CVE Name CVE-2023-4912
CVE Name CVE-2023-5226
CVE Name CVE-2023-5995
CVE Name CVE-2023-6033
CVE Name CVE-2023-6396