FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-18 00:09:58 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 2263ea04-ac81-11ef-998c-2cf05da270f3
Description: Gitlab -- vulnerabilities

Gitlab reports:

Privilege Escalation via LFS Tokens

DoS through uncontrolled resource consumption when viewing a maliciously crafted cargo.toml file

Unintended Access to Usage Data via Scoped Tokens

Gitlab DOS via Harbor registry integration

Resource exhaustion and denial of service with test_report API calls

Streaming endpoint did not invalidate tokens after revocation


Discovery: 2024-11-26
Entry: 2024-11-27
Affected packages: gitlab-ce, gitlab-ee
Affected versions:
>= 17.6.0, < 17.6.1
>= 17.5.0, < 17.5.3
>= 8.12.0, < 17.4.5

CVE-2024-8114
CVE-2024-8237
CVE-2024-11669
CVE-2024-8177
CVE-2024-11828
CVE-2024-11668
https://about.gitlab.com/releases/2024/11/26/patch-release-gitlab-17-6-1-released/
VuXML ID: 275ac414-b847-11ef-9877-2cf05da270f3
Description: Gitlab -- Vulnerabilities

Gitlab reports:

Injection of Network Error Logging (NEL) headers in kubernetes proxy response could lead to ATO abusing OAuth flows

Denial of Service by repeatedly sending unauthenticated requests for diff-files

CI_JOB_TOKEN could be used to obtain GitLab session

Open redirect in releases API

Client-Side Path Traversal in Harbor artifact links

HTML injection in vulnerability details could lead to Cross Site Scripting

Leak branch names of projects with confidential repository

Non member can view unresolved threads marked as internal notes

Uncontrolled Resource Consumption through a maliciously crafted file

Certain sensitive information passed as literals inside GraphQL mutations retained in GraphQL logs

Information disclosure of confidential incidents details to a group member in Gitlab Wiki

Domain Confusion in GitLab Pages Unique Domain Implementation


Discovery: 2024-12-11
Entry: 2024-12-12
Affected packages: gitlab-ce, gitlab-ee
Affected versions:
>= 17.6.0, < 17.6.2
>= 17.5.0, < 17.5.4
>= 9.4.0, < 17.4.6

CVE-2024-11274
CVE-2024-8233
CVE-2024-9387
CVE-2024-8647
CVE-2024-8179
CVE-2024-8116
CVE-2024-8650
CVE-2024-9367
CVE-2024-12292
CVE-2024-10043
https://about.gitlab.com/releases/2024/12/11/patch-release-gitlab-17-6-2-released/