FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-25 21:13:12 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
6b2cba6a-c6a5-11ee-97d0-001b217b3468	Gitlab -- vulnerabilities Gitlab reports: Restrict group access token creation for custom roles Project maintainers can bypass group's scan result policy block_branch_modification setting ReDoS in CI/CD Pipeline Editor while verifying Pipeline syntax Resource exhaustion using GraphQL vulnerabilitiesCountByDay Discovery 2024-02-07 Entry 2024-02-08 gitlab-ce ge 16.8.0 lt 16.8.2 ge 16.7.0 lt 16.7.5 ge 13.3.0 lt 16.6.7 CVE-2024-1250 CVE-2023-6840 CVE-2023-6386 CVE-2024-1066 https://about.gitlab.com/releases/2024/02/07/security-release-gitlab-16-8-2-released/
03bf5157-d145-11ee-acee-001b217b3468	Gitlab -- Vulnerabilities Gitlab reports: Stored-XSS in user's profile page User with "admin_group_members" permission can invite other groups to gain owner access ReDoS issue in the Codeowners reference extractor LDAP user can reset password using secondary email and login using direct authentication Bypassing group ip restriction settings to access environment details of projects through Environments/Operations Dashboard Users with the Guest role can change Custom dashboard projects settings for projects in the victim group Group member with sub-maintainer role can change title of shared private deploy keys Bypassing approvals of CODEOWNERS Discovery 2024-02-21 Entry 2024-02-22 gitlab-ce ge 16.9.0 lt 16.9.1 ge 16.8.0 lt 16.8.3 ge 11.3.0 lt 16.7.6 CVE-2024-1451 CVE-2023-6477 CVE-2023-6736 CVE-2024-1525 CVE-2023-4895 CVE-2024-0861 CVE-2023-3509 CVE-2024-0410 https://about.gitlab.com/releases/2024/02/21/security-release-gitlab-16-9-1-released/
4c8c2218-b120-11ee-90ec-001b217b3468	Gitlab -- vulnerabilities Gitlab reports: Account Takeover via Password Reset without user interactions Attacker can abuse Slack/Mattermost integrations to execute slash commands as another user Bypass CODEOWNERS approval removal Workspaces able to be created under different root namespace Commit signature validation ignores headers after signature Discovery 2024-01-11 Entry 2024-01-12 gitlab-ce ge 16.7.0 lt 16.7.2 ge 16.6.0 lt 16.6.4 ge 8.13.0 lt 16.5.6 CVE-2023-7028 CVE-2023-5356 CVE-2023-4812 CVE-2023-6955 CVE-2023-2030 https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/
b2caae55-dc38-11ee-96dc-001b217b3468	Gitlab -- Vulnerabilities Gitlab reports: Bypassing CODEOWNERS approval allowing to steal protected variables Guest with manage group access tokens can rotate and see group access token with owner permissions Discovery 2024-03-06 Entry 2024-03-07 gitlab-ce ge 16.9.0 lt 16.9.2 ge 16.8.0 lt 16.8.4 ge 11.3.0 lt 16.7.7 CVE-2024-0199 CVE-2024-1299 https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/
d2992bc2-ed18-11ee-96dc-001b217b3468	Gitlab -- vulnerabilities Gitlab reports: Stored-XSS injected in Wiki page via Banzai pipeline DOS using crafted emojis Discovery 2024-03-27 Entry 2024-03-28 gitlab-ce ge 16.10.0 lt 16.10.1 ge 16.9.0 lt 16.9.3 < 16.8.5 CVE-2023-6371 CVE-2024-2818 https://about.gitlab.com/releases/2024/03/27/security-release-gitlab-16-10-1-released/
61fe903b-bc2e-11ee-b06e-001b217b3468	Gitlab -- vulnerabilities Gitlab reports: Arbitrary file write while creating workspace ReDoS in Cargo.toml blob viewer Arbitrary API PUT requests via HTML injection in user's name Disclosure of the public email in Tags RSS Feed Non-Member can update MR Assignees of owned MRs Discovery 2024-01-25 Entry 2024-01-26 gitlab-ce ge 16.8.0 lt 16.8.1 ge 16.7.0 lt 16.7.4 ge 16.6.0 lt 16.6.6 ge 12.7.0 lt 16.5.8 CVE-2024-0402 CVE-2023-6159 CVE-2023-5933 CVE-2023-5612 CVE-2024-0456 https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/