FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-25 21:13:12 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
b2caae55-dc38-11ee-96dc-001b217b3468	Gitlab -- Vulnerabilities Gitlab reports: Bypassing CODEOWNERS approval allowing to steal protected variables Guest with manage group access tokens can rotate and see group access token with owner permissions Discovery 2024-03-06 Entry 2024-03-07 gitlab-ce ge 16.9.0 lt 16.9.2 ge 16.8.0 lt 16.8.4 ge 11.3.0 lt 16.7.7 CVE-2024-0199 CVE-2024-1299 https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/
03bf5157-d145-11ee-acee-001b217b3468	Gitlab -- Vulnerabilities Gitlab reports: Stored-XSS in user's profile page User with "admin_group_members" permission can invite other groups to gain owner access ReDoS issue in the Codeowners reference extractor LDAP user can reset password using secondary email and login using direct authentication Bypassing group ip restriction settings to access environment details of projects through Environments/Operations Dashboard Users with the Guest role can change Custom dashboard projects settings for projects in the victim group Group member with sub-maintainer role can change title of shared private deploy keys Bypassing approvals of CODEOWNERS Discovery 2024-02-21 Entry 2024-02-22 gitlab-ce ge 16.9.0 lt 16.9.1 ge 16.8.0 lt 16.8.3 ge 11.3.0 lt 16.7.6 CVE-2024-1451 CVE-2023-6477 CVE-2023-6736 CVE-2024-1525 CVE-2023-4895 CVE-2024-0861 CVE-2023-3509 CVE-2024-0410 https://about.gitlab.com/releases/2024/02/21/security-release-gitlab-16-9-1-released/
d2992bc2-ed18-11ee-96dc-001b217b3468	Gitlab -- vulnerabilities Gitlab reports: Stored-XSS injected in Wiki page via Banzai pipeline DOS using crafted emojis Discovery 2024-03-27 Entry 2024-03-28 gitlab-ce ge 16.10.0 lt 16.10.1 ge 16.9.0 lt 16.9.3 < 16.8.5 CVE-2023-6371 CVE-2024-2818 https://about.gitlab.com/releases/2024/03/27/security-release-gitlab-16-10-1-released/

VuXML ID

Description

b2caae55-dc38-11ee-96dc-001b217b3468

Gitlab -- Vulnerabilities

Gitlab reports:

Bypassing CODEOWNERS approval allowing to steal protected variables

Guest with manage group access tokens can rotate and see group access token with owner permissions

Discovery 2024-03-06
Entry 2024-03-07
gitlab-ce

ge 16.9.0 lt 16.9.2

ge 16.8.0 lt 16.8.4

ge 11.3.0 lt 16.7.7

CVE-2024-0199
CVE-2024-1299
https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/

03bf5157-d145-11ee-acee-001b217b3468

Gitlab -- Vulnerabilities

Gitlab reports:

Stored-XSS in user's profile page

User with "admin_group_members" permission can invite other groups to gain owner access

ReDoS issue in the Codeowners reference extractor

LDAP user can reset password using secondary email and login using direct authentication

Bypassing group ip restriction settings to access environment details of projects through Environments/Operations Dashboard

Users with the Guest role can change Custom dashboard projects settings for projects in the victim group

Group member with sub-maintainer role can change title of shared private deploy keys

Bypassing approvals of CODEOWNERS

Discovery 2024-02-21
Entry 2024-02-22
gitlab-ce

ge 16.9.0 lt 16.9.1

ge 16.8.0 lt 16.8.3

ge 11.3.0 lt 16.7.6

CVE-2024-1451
CVE-2023-6477
CVE-2023-6736
CVE-2024-1525
CVE-2023-4895
CVE-2024-0861
CVE-2023-3509
CVE-2024-0410
https://about.gitlab.com/releases/2024/02/21/security-release-gitlab-16-9-1-released/

d2992bc2-ed18-11ee-96dc-001b217b3468

Gitlab -- vulnerabilities

Gitlab reports:

Stored-XSS injected in Wiki page via Banzai pipeline

DOS using crafted emojis

Discovery 2024-03-27
Entry 2024-03-28
gitlab-ce

ge 16.10.0 lt 16.10.1

ge 16.9.0 lt 16.9.3

< 16.8.5

CVE-2023-6371
CVE-2024-2818
https://about.gitlab.com/releases/2024/03/27/security-release-gitlab-16-10-1-released/