FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Gitlab -- vulnerabilities

Affected packages
16.4.0 <= gitlab-ce < 16.4.1
16.3.0 <= gitlab-ce < 16.3.5
8.15 <= gitlab-ce < 16.2.8


VuXML ID 6e0ebb4a-5e75-11ee-a365-001b217b3468
Discovery 2023-09-28
Entry 2023-09-29

Attacker can add other projects policy bot as member to their own project and use that bot to trigger pipelines in victims project

Group import allows impersonation of users in CI pipelines

Developers can bypass code owners approval by changing a MR's base branch

Leaking source code of restricted project through a fork

Third party library Consul requires enable-script-checks to be False to enable patch

Service account not deleted when namespace is deleted allowing access to internal projects

Enforce SSO settings bypassed for public projects for Members without identity

Removed project member can write to protected branches

Unauthorised association of CI jobs for Machine Learning experiments

Force pipelines to not have access to protected variables and will likely fail using tags

Maintainer can create a fork relationship between existing projects

Disclosure of masked CI variables via processing CI/CD configuration of forks

Asset Proxy Bypass using non-ASCII character in asset URI

Unauthorized member can gain Allowed to push and merge access and affect integrity of protected branches

Removed Developer can continue editing the source code of a public project

A project reporter can leak owner's Sentry instance projects

Math rendering in markdown can escape container and hijack clicks


CVE Name CVE-2023-0989
CVE Name CVE-2023-2233
CVE Name CVE-2023-3115
CVE Name CVE-2023-3413
CVE Name CVE-2023-3906
CVE Name CVE-2023-3914
CVE Name CVE-2023-3917
CVE Name CVE-2023-3920
CVE Name CVE-2023-3922
CVE Name CVE-2023-3979
CVE Name CVE-2023-4379
CVE Name CVE-2023-4532
CVE Name CVE-2023-4658
CVE Name CVE-2023-5198
CVE Name CVE-2023-5207
CVE Name CVE-2023-5207