FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Gitlab -- vulnerabilities

Affected packages
16.7.0 <= gitlab-ce < 16.7.2
16.6.0 <= gitlab-ce < 16.6.4
8.13.0 <= gitlab-ce < 16.5.6

Details

VuXML ID 4c8c2218-b120-11ee-90ec-001b217b3468
Discovery 2024-01-11
Entry 2024-01-12

Gitlab reports:

Account Takeover via Password Reset without user interactions

An attacker can abuse Slack/Mattermost integrations to execute slash commands as another user

Bypass CODEOWNERS approval removal

Workspaces able to be created under different root namespace

Commit signature validation ignores headers after signature

References

CVE Name CVE-2023-2030
CVE Name CVE-2023-4812
CVE Name CVE-2023-5356
CVE Name CVE-2023-6955
CVE Name CVE-2023-7028
URL https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/