FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

GitLab -- vulnerabilities

Affected packages
16.11.0 <= gitlab-ce < 16.11.1
16.10.0 <= gitlab-ce < 16.10.4
7.8.0 <= gitlab-ce < 16.9.6
16.11.0 <= gitlab-ee < 16.11.1
16.10.0 <= gitlab-ee < 16.10.4
7.8.0 <= gitlab-ee < 16.9.6

Details

VuXML ID b857606c-0266-11ef-8681-001b217b3468
Discovery 2024-04-24
Entry 2024-04-24

GitLab reports:

GitLab account takeover, under certain conditions, when using Bitbucket as an OAuth provider

Path Traversal leads to DoS and Restricted File Read

Unauthenticated ReDoS in FileFinder when using wildcard filters in project file search

Personal Access Token scopes not honoured by GraphQL subscriptions

Domain based restrictions bypass using a crafted email address

References

CVE Name CVE-2024-1347
CVE Name CVE-2024-2434
CVE Name CVE-2024-2829
CVE Name CVE-2024-4006
CVE Name CVE-2024-4024
URL https://about.gitlab.com/releases/2024/04/24/patch-release-gitlab-16-11-1-released/