FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-25 11:22:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
43f84437-73ab-11ec-a587-001b217b3468	Gitlab -- Multiple Vulnerabilities Gitlab reports: Arbitrary file read via group import feature Stored XSS in notes Lack of state parameter on GitHub import project OAuth Vulnerability related fields are available to unauthorized users on GraphQL API Deleting packages may cause table locks IP restriction bypass via GraphQL Repository content spoofing using Git replacement references Users can import members from projects that they are not a maintainer on through API Possibility to direct user to malicious site through Slack integration Bypassing file size limits to the NPM package repository User with expired password can still access sensitive information Incorrect port validation allows access to services on ports 80 and 443 if GitLab is configured to run on another port Discovery 2022-01-11 Entry 2022-01-12 gitlab-ce ge 14.6.0 lt 14.6.2 ge 14.5.0 lt 14.5.3 ge 7.7 lt 14.4.5 CVE-2021-39946 CVE-2022-0154 CVE-2022-0152 CVE-2022-0151 CVE-2022-0172 CVE-2022-0090 CVE-2022-0125 CVE-2022-0124 CVE-2021-39942 CVE-2022-0093 CVE-2021-39927 https://about.gitlab.com/releases/2022/01/11/security-release-gitlab-14-6-2-released/

VuXML ID

Description

43f84437-73ab-11ec-a587-001b217b3468

Gitlab -- Multiple Vulnerabilities

Gitlab reports:

Arbitrary file read via group import feature

Stored XSS in notes

Lack of state parameter on GitHub import project OAuth

Vulnerability related fields are available to unauthorized users on GraphQL API

Deleting packages may cause table locks

IP restriction bypass via GraphQL

Repository content spoofing using Git replacement references

Users can import members from projects that they are not a maintainer on through API

Possibility to direct user to malicious site through Slack integration

Bypassing file size limits to the NPM package repository

User with expired password can still access sensitive information

Incorrect port validation allows access to services on ports 80 and 443 if GitLab is configured to run on another port

Discovery 2022-01-11
Entry 2022-01-12
gitlab-ce

ge 14.6.0 lt 14.6.2

ge 14.5.0 lt 14.5.3

ge 7.7 lt 14.4.5

CVE-2021-39946
CVE-2022-0154
CVE-2022-0152
CVE-2022-0151
CVE-2022-0172
CVE-2022-0090
CVE-2022-0125
CVE-2022-0124
CVE-2021-39942
CVE-2022-0093
CVE-2021-39927
https://about.gitlab.com/releases/2022/01/11/security-release-gitlab-14-6-2-released/