FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Gitlab -- vulnerabilities

Affected packages
16.6.0 <= gitlab-ce < 16.6.2
16.5.0 <= gitlab-ce < 16.5.4
8.17.0 <= gitlab-ce < 16.4.4


VuXML ID e2fb85ce-9a3c-11ee-af26-001b217b3468
Discovery 2023-12-13
Entry 2023-12-14

Gitlab reports:

Smartcard authentication allows impersonation of arbitrary user using user's public certificate

When subgroup is allowed to merge or push to protected branches, subgroup members with the Developer role may gain the ability to push or merge

The GitLab web interface does not ensure the integrity of information when downloading the source code from installation packages or tags

Project maintainer can escalate to Project owner using project access token rotate API

Omission of Double Encoding in File Names Facilitates the Creation of Repositories with Malicious Content

Unvalidated timeSpent value leads to unable to load issues on Issue board

Developer can bypass predefined variables via REST API

Auditor users can create merge requests on projects they don't have access to


CVE Name CVE-2023-3511
CVE Name CVE-2023-3904
CVE Name CVE-2023-3907
CVE Name CVE-2023-5061
CVE Name CVE-2023-5512
CVE Name CVE-2023-6051
CVE Name CVE-2023-6564
CVE Name CVE-2023-6680