FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
3507bfb3-85d5-11ec-8c9c-001b217b3468	Gitlab -- multiple vulnerabilities Gitlab reports: Arbitrary POST requests via special HTML attributes in Jupyter Notebooks DNS Rebinding vulnerability in Irker IRC Gateway integration Missing certificate validation for external CI services Blind SSRF Through Project Import Open redirect vulnerability in Jira Integration Issue link was disclosing the linked issue Service desk email accessible by project non-members Authenticated users can search other users by their private email "External status checks" can be accepted by users below developer access if the user is either author or assignee of the target merge request Deleting packages in bulk from package registries may cause table locks Autocomplete enabled on specific pages Possible SSRF due to not blocking shared address space System notes reveals private project path when Issue is moved to a public project Timeout for pages using Markdown Certain branch names could not be protected Discovery 2022-02-03 Entry 2022-02-04 gitlab-ce ge 14.7.0 lt 14.7.1 ge 14.6.0 lt 14.6.4 ge 0 lt 14.5.4 CVE-2022-0427 CVE-2022-0425 CVE-2022-0123 CVE-2022-0136 CVE-2022-0283 CVE-2022-0390 CVE-2022-0373 CVE-2022-0371 CVE-2021-39943 CVE-2022-0477 CVE-2022-0167 CVE-2022-0249 CVE-2022-0344 CVE-2022-0488 CVE-2021-39931 https://about.gitlab.com/releases/2022/02/03/security-release-gitlab-14-7-1-released/

VuXML ID

Description

3507bfb3-85d5-11ec-8c9c-001b217b3468

Gitlab -- multiple vulnerabilities

Gitlab reports:

Arbitrary POST requests via special HTML attributes in Jupyter Notebooks

DNS Rebinding vulnerability in Irker IRC Gateway integration

Missing certificate validation for external CI services

Blind SSRF Through Project Import

Open redirect vulnerability in Jira Integration

Issue link was disclosing the linked issue

Service desk email accessible by project non-members

Authenticated users can search other users by their private email

"External status checks" can be accepted by users below developer access if the user is either author or assignee of the target merge request

Deleting packages in bulk from package registries may cause table locks

Autocomplete enabled on specific pages

Possible SSRF due to not blocking shared address space

System notes reveals private project path when Issue is moved to a public project

Timeout for pages using Markdown

Certain branch names could not be protected

Discovery 2022-02-03
Entry 2022-02-04
gitlab-ce

ge 14.7.0 lt 14.7.1

ge 14.6.0 lt 14.6.4

ge 0 lt 14.5.4

CVE-2022-0427
CVE-2022-0425
CVE-2022-0123
CVE-2022-0136
CVE-2022-0283
CVE-2022-0390
CVE-2022-0373
CVE-2022-0371
CVE-2021-39943
CVE-2022-0477
CVE-2022-0167
CVE-2022-0249
CVE-2022-0344
CVE-2022-0488
CVE-2021-39931
https://about.gitlab.com/releases/2022/02/03/security-release-gitlab-14-7-1-released/