FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-25 11:22:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
3cde510a-7135-11ed-a28b-bff032704f00	Gitlab -- Multiple Vulnerabilities Gitlab reports: DAST API scanner exposes Authorization headers in vulnerabilities Group IP allow-list not fully respected by the Package Registry Deploy keys and tokens may bypass External Authorization service if it is enabled Repository import still allows to import 40 hexadecimal branches Webhook secret tokens leaked in webhook logs Maintainer can leak webhook secret token by changing the webhook URL Cross-site scripting in Jira Integration affecting self-hosted instances without strict CSP Release names visible in public projects despite release set as project members only Sidekiq background job DoS by uploading malicious NuGet packages SSRF in Web Terminal advertise_address Discovery 2022-11-30 Entry 2022-12-01 gitlab-ce ge 15.6.0 lt 15.6.1 ge 15.5.0 lt 15.5.5 ge 9.3.0 lt 15.4.6 CVE-2022-4206 CVE-2022-3820 CVE-2022-3740 CVE-2022-4205 CVE-2022-3902 CVE-2022-4054 CVE-2022-3572 CVE-2022-3482 CVE-2022-3478 CVE-2022-4201 https://about.gitlab.com/releases/2022/11/30/security-release-gitlab-15-6-1-released/

VuXML ID

Description

3cde510a-7135-11ed-a28b-bff032704f00

Gitlab -- Multiple Vulnerabilities

Gitlab reports:

DAST API scanner exposes Authorization headers in vulnerabilities

Group IP allow-list not fully respected by the Package Registry

Deploy keys and tokens may bypass External Authorization service if it is enabled

Repository import still allows to import 40 hexadecimal branches

Webhook secret tokens leaked in webhook logs

Maintainer can leak webhook secret token by changing the webhook URL

Cross-site scripting in Jira Integration affecting self-hosted instances without strict CSP

Release names visible in public projects despite release set as project members only

Sidekiq background job DoS by uploading malicious NuGet packages

SSRF in Web Terminal advertise_address

Discovery 2022-11-30
Entry 2022-12-01
gitlab-ce

ge 15.6.0 lt 15.6.1

ge 15.5.0 lt 15.5.5

ge 9.3.0 lt 15.4.6

CVE-2022-4206
CVE-2022-3820
CVE-2022-3740
CVE-2022-4205
CVE-2022-3902
CVE-2022-4054
CVE-2022-3572
CVE-2022-3482
CVE-2022-3478
CVE-2022-4201
https://about.gitlab.com/releases/2022/11/30/security-release-gitlab-15-6-1-released/