FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Gitlab -- Vulnerabilities

Affected packages
17.0.0 <= gitlab-ce < 17.0.1
16.11.0 <= gitlab-ce < 16.11.3
11.11 <= gitlab-ce < 16.10.6
17.0.0 <= gitlab-ee < 17.0.1
16.11.0 <= gitlab-ee < 16.11.3
11.11 <= gitlab-ee < 16.10.6


VuXML ID f848ef90-1848-11ef-9850-001b217b3468
Discovery 2024-05-22
Entry 2024-05-22

Gitlab reports:

1-click account takeover via XSS in the code editor in

A DOS vulnerability in the 'description' field of the runner

CSRF via K8s cluster-integration

Using Set Pipeline Status of a Commit API incorrectly create a new pipeline when SHA and pipeline_id did not match

Redos on wiki render API/Page

Resource exhaustion and denial of service with test_report API calls

Guest user can view dependency lists of private projects through job artifacts

Stored XSS via PDFjs


CVE Name CVE-2023-6502
CVE Name CVE-2023-7045
CVE Name CVE-2024-1947
CVE Name CVE-2024-2874
CVE Name CVE-2024-4367
CVE Name CVE-2024-4835