FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
4c26f668-0fd2-11ed-a83d-001b217b3468	Gitlab -- multiple vulnerabilities Gitlab reports: Revoke access to confidential notes todos Pipeline subscriptions trigger new pipelines with the wrong author Ability to gain access to private project through an email invite by using other user's email address as an unverified secondary email Import via git protocol allows to bypass checks on repository Unauthenticated IP allowlist bypass when accessing job artifacts through GitLab Pages Maintainer can leak Packagist and other integration access tokens by changing integration URL Unauthenticated access to victims Grafana datasources through path traversal Unauthorized users can filter issues by contact and organization Malicious Maintainer may change the visibility of project or a group Stored XSS in job error messages Enforced group MFA can be bypassed when using Resource Owner Password Credentials grant Non project members can view public project's Deploy Keys IDOR in project with Jira integration leaks project owner's other projects Jira issues Group Bot Users and Tokens not deleted after group deletion Email invited members can join projects even after the member lock has been enabled Datadog integration returns user emails Discovery 2022-07-28 Entry 2022-07-30 gitlab-ce ge 15.2.0 lt 15.2.1 ge 15.1.0 lt 15.1.4 ge 0 lt 15.0.5 CVE-2022-2512 CVE-2022-2498 CVE-2022-2326 CVE-2022-2417 CVE-2022-2501 CVE-2022-2497 CVE-2022-2531 CVE-2022-2539 CVE-2022-2456 CVE-2022-2500 CVE-2022-2303 CVE-2022-2095 CVE-2022-2499 CVE-2022-2307 CVE-2022-2459 CVE-2022-2534 https://about.gitlab.com/releases/2022/07/28/security-release-gitlab-15-2-1-released/

VuXML ID

Description

4c26f668-0fd2-11ed-a83d-001b217b3468

Gitlab -- multiple vulnerabilities

Gitlab reports:

Revoke access to confidential notes todos

Pipeline subscriptions trigger new pipelines with the wrong author

Ability to gain access to private project through an email invite by using other user's email address as an unverified secondary email

Import via git protocol allows to bypass checks on repository

Unauthenticated IP allowlist bypass when accessing job artifacts through GitLab Pages

Maintainer can leak Packagist and other integration access tokens by changing integration URL

Unauthenticated access to victims Grafana datasources through path traversal

Unauthorized users can filter issues by contact and organization

Malicious Maintainer may change the visibility of project or a group

Stored XSS in job error messages

Enforced group MFA can be bypassed when using Resource Owner Password Credentials grant

Non project members can view public project's Deploy Keys

IDOR in project with Jira integration leaks project owner's other projects Jira issues

Group Bot Users and Tokens not deleted after group deletion

Email invited members can join projects even after the member lock has been enabled

Datadog integration returns user emails

Discovery 2022-07-28
Entry 2022-07-30
gitlab-ce

ge 15.2.0 lt 15.2.1

ge 15.1.0 lt 15.1.4

ge 0 lt 15.0.5

CVE-2022-2512
CVE-2022-2498
CVE-2022-2326
CVE-2022-2417
CVE-2022-2501
CVE-2022-2497
CVE-2022-2531
CVE-2022-2539
CVE-2022-2456
CVE-2022-2500
CVE-2022-2303
CVE-2022-2095
CVE-2022-2499
CVE-2022-2307
CVE-2022-2459
CVE-2022-2534
https://about.gitlab.com/releases/2022/07/28/security-release-gitlab-15-2-1-released/