FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-09 05:46:40 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
03bf5157-d145-11ee-acee-001b217b3468Gitlab -- Vulnerabilities

Gitlab reports:

Stored-XSS in user's profile page

User with "admin_group_members" permission can invite other groups to gain owner access

ReDoS issue in the Codeowners reference extractor

LDAP user can reset password using secondary email and login using direct authentication

Bypassing group ip restriction settings to access environment details of projects through Environments/Operations Dashboard

Users with the Guest role can change Custom dashboard projects settings for projects in the victim group

Group member with sub-maintainer role can change title of shared private deploy keys

Bypassing approvals of CODEOWNERS


Discovery 2024-02-21
Entry 2024-02-22
gitlab-ce
ge 16.9.0 lt 16.9.1

ge 16.8.0 lt 16.8.3

ge 11.3.0 lt 16.7.6

CVE-2024-1451
CVE-2023-6477
CVE-2023-6736
CVE-2024-1525
CVE-2023-4895
CVE-2024-0861
CVE-2023-3509
CVE-2024-0410
https://about.gitlab.com/releases/2024/02/21/security-release-gitlab-16-9-1-released/