FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

GitLab -- Vulnerabilities

Affected packages
16.1.0 <= gitlab-ce < 16.1.1
16.0.0 <= gitlab-ce < 16.0.6
15.11.0 <= gitlab-ce < 15.11.10
7.14.0 <= gitlab-ce < 15.10.8

Details

VuXML ID 3117e6cd-1772-11ee-9cd6-001b217b3468
Discovery 2023-06-29
Entry 2023-06-30

GitLab reports:

ReDoS via EpicReferenceFilter in any Markdown fields

New commits to private projects visible in forks created while project was public

Maintainer can leak masked webhook secrets by manipulating URL masking

Information disclosure of project import errors

Sensitive information disclosure via value stream analytics controller

Bypassing Code Owners branch protection rule in GitLab

HTML injection in email address

Webhook token leaked in Sidekiq logs if log format is 'default'

Private email address of service desk issue creator disclosed via issues API

References

CVE Name CVE-2023-1936
CVE Name CVE-2023-2190
CVE Name CVE-2023-2200
CVE Name CVE-2023-2576
CVE Name CVE-2023-2620
CVE Name CVE-2023-3102
CVE Name CVE-2023-3362
CVE Name CVE-2023-3363
CVE Name CVE-2023-3424
CVE Name CVE-2023-3444
URL https://about.gitlab.com/releases/2023/06/29/security-release-gitlab-16-1-1-released/