[FREEBSD:F848EF90-1848-11EF-9850-001B217B3468] Gitlab -- Vulnerabilities

Severity High
Affected Packages 1
CVEs 6

Gitlab reports:

  1-click account takeover via XSS in the code editor in gitlab.com
  A DoS vulnerability in the 'description' field of the runner
  CSRF via K8s cluster-integration
  Using Set Pipeline Status of a Commit API incorrectly creates a new pipeline when SHA and pipeline_id do not match
  ReDoS on wiki render API/page
  Resource exhaustion and denial of service with test_report API calls
  Guest user can view dependency lists of private projects through job artifacts
  Stored XSS via PDFjs
Type      Package URL              Name       Affected Version
Affected  pkg:freebsd/gitlab-ce    gitlab-ce  < 17.0.1
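The affected range is "< 17.0.1", but FreeBSD package versions carry a port revision ("_N") and sometimes a port epoch (",N") that must be ignored before comparing against the upstream fix version; a naive string compare would, for example, misclassify 16.11.2_1 against 17.0.1. The following is an added example (not part of the FreeBSD advisory or of the gitlab-ce port) that performs that comparison in POSIX sh; it assumes the installed version is obtained with `pkg query '%v' gitlab-ce` and that awk is available, and the helper names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the advisory: decide whether an installed gitlab-ce
# version falls inside the affected range "< 17.0.1".
# Assumption: versions look like MAJOR.MINOR.PATCH, optionally followed by a
# FreeBSD port revision "_N" and/or port epoch ",N"; both suffixes are dropped,
# since they do not change the upstream GitLab code being compared.

FIXED_VERSION="17.0.1"

# strip_pkg_suffix VERSION: print VERSION without ",epoch" and "_revision".
strip_pkg_suffix() {
    printf '%s\n' "$1" | sed -e 's/,.*$//' -e 's/_.*$//'
}

# version_lt A B: exit 0 when A < B, comparing dot-separated components
# numerically; missing components are treated as 0 (so "17" == "17.0.0").
version_lt() {
    awk -v a="$(strip_pkg_suffix "$1")" -v b="$(strip_pkg_suffix "$2")" 'BEGIN {
        na = split(a, x, ".")
        nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i in x) ? x[i] + 0 : 0
            yi = (i in y) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1   # equal versions are not "less than"
    }'
}

# gitlab_ce_affected VERSION: exit 0 when VERSION is in the affected range.
gitlab_ce_affected() {
    version_lt "$1" "$FIXED_VERSION"
}

# Usage on a FreeBSD host (not executed here):
#   if gitlab_ce_affected "$(pkg query '%v' gitlab-ce)"; then
#       echo "gitlab-ce is affected by FreeBSD:F848EF90-1848-11EF-9850-001B217B3468"
#   fi
```

Note that a port revision on the fixed version itself (17.0.1_2) is still reported as not affected, which is the intended behaviour: the revision reflects a rebuild of the port, not a different upstream release.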