FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
3a023570-91ab-11ed-8950-001b217b3468	Gitlab -- Multiple Vulnerabilities Gitlab reports: Race condition on gitlab.com enables verified email forgery and third-party account hijacking DOS and high resource consumption of Prometheus server through abuse of Grafana integration proxy endpoint Maintainer can leak sentry token by changing the configured URL Maintainer can leak masked webhook secrets by changing target URL of the webhook Cross-site scripting in wiki changes page affecting self-hosted instances running without strict CSP Group access tokens continue to work after owner loses ability to revoke them Users' avatar disclosure by user ID in private GitLab instances Arbitrary Protocol Redirection in GitLab Pages Regex DoS due to device-detector parsing user agents Regex DoS in the Submodule Url Parser Discovery 2023-01-09 Entry 2023-01-11 gitlab-ce ge 15.7.0 lt 15.7.2 ge 15.6.0 lt 15.6.4 ge 6.6.0 lt 15.5.7 CVE-2022-4037 CVE-2022-3613 CVE-2022-4365 CVE-2022-4342 CVE-2022-3573 CVE-2022-4167 CVE-2022-3870 CVE-2023-0042 CVE-2022-4131 CVE-2022-3514 https://about.gitlab.com/releases/2023/01/09/security-release-gitlab-15-7-2-released/

VuXML ID

Description

3a023570-91ab-11ed-8950-001b217b3468

Gitlab -- Multiple Vulnerabilities

Gitlab reports:

Race condition on gitlab.com enables verified email forgery and third-party account hijacking

DOS and high resource consumption of Prometheus server through abuse of Grafana integration proxy endpoint

Maintainer can leak sentry token by changing the configured URL

Maintainer can leak masked webhook secrets by changing target URL of the webhook

Cross-site scripting in wiki changes page affecting self-hosted instances running without strict CSP

Group access tokens continue to work after owner loses ability to revoke them

Users' avatar disclosure by user ID in private GitLab instances

Arbitrary Protocol Redirection in GitLab Pages

Regex DoS due to device-detector parsing user agents

Regex DoS in the Submodule Url Parser

Discovery 2023-01-09
Entry 2023-01-11
gitlab-ce

ge 15.7.0 lt 15.7.2

ge 15.6.0 lt 15.6.4

ge 6.6.0 lt 15.5.7

CVE-2022-4037
CVE-2022-3613
CVE-2022-4365
CVE-2022-4342
CVE-2022-3573
CVE-2022-4167
CVE-2022-3870
CVE-2023-0042
CVE-2022-4131
CVE-2022-3514
https://about.gitlab.com/releases/2023/01/09/security-release-gitlab-15-7-2-released/