FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-09-13 07:13:07 UTC


k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 24c88add-4a3e-11ef-86d7-001b217b3468
Description: Gitlab -- Vulnerabilities

Gitlab reports:

XSS via the Maven Dependency Proxy

Project level analytics settings leaked in DOM

Reports can access and download job artifacts despite use of settings to prevent it

Direct Transfer - Authorised project/group exports are accessible to other users

Bypassing tag check and branch check through imports

Project Import/Export - Make project/group export files hidden to everyone except user who initiated it


Discovery: 2024-07-24
Entry: 2024-07-25
Affected packages: gitlab-ce, gitlab-ee
Affected versions:
  >= 17.2.0, < 17.2.1
  >= 17.1.0, < 17.1.3
  >= 12.0.0, < 17.0.5
CVEs: CVE-2024-5067, CVE-2024-7057, CVE-2024-0231
Reference: https://about.gitlab.com/releases/2024/07/24/patch-release-gitlab-17-2-1-released/
VuXML ID: 729008b9-54bf-11ef-a61b-2cf05da270f3
Description: Gitlab -- Vulnerabilities

Gitlab reports:

Privilege Escalation via LFS Tokens Granting Unrestricted Repository Access

Cross project access of Security policy bot

Advanced search ReDoS in highlight for code results

Denial of Service via banzai pipeline

Denial of service using adoc files

ReDoS in RefMatcher when matching branch names using wildcards

Path encoding can cause the Web interface to not render diffs correctly

XSS while viewing raw XHTML files through API

Ambiguous tag name exploitation

Logs disclosing potentially sensitive data in query params

Password bypass on approvals using policy projects

ReDoS when parsing git push

Webhook deletion audit log can preserve auth credentials


Discovery: 2024-08-07
Entry: 2024-08-07
Affected packages: gitlab-ce, gitlab-ee
Affected versions:
  >= 17.2.0, < 17.2.2
  >= 17.1.0, < 17.1.4
  >= 12.0.0, < 17.0.6
CVEs: CVE-2024-3035, CVE-2024-6356, CVE-2024-5423, CVE-2024-4210, CVE-2024-2800, CVE-2024-6329, CVE-2024-4207, CVE-2024-3958, CVE-2024-4784, CVE-2024-3114, CVE-2024-7586
Reference: https://about.gitlab.com/releases/2024/08/07/patch-release-gitlab-17-2-2-released/
VuXML ID: 49ef501c-62b6-11ef-bba5-2cf05da270f3
Description: Gitlab -- vulnerabilities

Gitlab reports:

The GitLab Web Interface Does Not Guarantee Information Integrity When Downloading Source Code from Releases

Denial of Service by importing maliciously crafted GitHub repository

Prompt injection in "Resolve Vulnerability" results in arbitrary command execution in victim's pipeline

An unauthorized user can perform certain actions through GraphQL after a group owner enables IP restrictions


Discovery: 2024-08-21
Entry: 2024-08-25
Affected packages: gitlab-ce, gitlab-ee
Affected versions:
  >= 17.3.0, < 17.3.1
  >= 17.2.0, < 17.2.4
  >= 8.2.0, < 17.1.6
CVEs: CVE-2024-6502, CVE-2024-8041, CVE-2024-7110, CVE-2024-3127
Reference: https://about.gitlab.com/releases/2024/08/21/patch-release-gitlab-17-3-1-released/
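The three entries above each give their affected versions as half-open ranges (greater-or-equal lower bound, strictly-less-than upper bound), and several ranges overlap, so a single installed version can match more than one entry. The following script, an added example that is not FreshPorts, pkg(8) or GitLab code, encodes exactly those ranges and reports which VuXML IDs cover a given installed version. The version parser is a deliberately simplified stand-in for pkg(8)'s ordering (an assumption of this example): it drops the epoch after ",", keeps the PORTREVISION after "_" as a trailing component, and compares components as integers so that "17.1.10" sorts after "17.1.3" rather than before it as a string comparison would place it. The installed versions checked at the bottom are constructed inputs, not real pkg output.

```python
"""Check an installed GitLab port version against the VuXML ranges above.

Added example for this page; it is not FreshPorts, pkg(8) or GitLab code.
The VuXML IDs and version ranges are copied from the three entries listed
above; the installed versions checked at the bottom are constructed inputs.
"""
from __future__ import annotations

# VuXML ID -> list of (ge, lt) pairs, i.e. ge <= version < lt, exactly as
# the entries above state them for gitlab-ce and gitlab-ee.
ENTRIES: dict[str, list[tuple[str, str]]] = {
    "24c88add-4a3e-11ef-86d7-001b217b3468": [
        ("17.2.0", "17.2.1"), ("17.1.0", "17.1.3"), ("12.0.0", "17.0.5"),
    ],
    "729008b9-54bf-11ef-a61b-2cf05da270f3": [
        ("17.2.0", "17.2.2"), ("17.1.0", "17.1.4"), ("12.0.0", "17.0.6"),
    ],
    "49ef501c-62b6-11ef-bba5-2cf05da270f3": [
        ("17.3.0", "17.3.1"), ("17.2.0", "17.2.4"), ("8.2.0", "17.1.6"),
    ],
}


def parse_version(v: str) -> tuple[int, ...]:
    """Turn a port version such as '17.2.1_2,1' into a comparable tuple.

    Simplified pkg(8) version handling (an assumption of this example, not
    the real pkg-version(8) algorithm): the epoch after ',' is dropped, the
    PORTREVISION after '_' becomes the fourth component so '17.2.1_2' sorts
    after '17.2.1', and missing minor/patch numbers are treated as 0.
    Components are compared as integers, never as strings, so '17.1.10'
    correctly sorts after '17.1.3'.
    """
    v = v.split(",", 1)[0]
    base, _, rev = v.partition("_")
    nums = [int(p) for p in base.split(".")]
    if len(nums) > 3:
        raise ValueError(f"unexpected version format: {v!r}")
    nums += [0] * (3 - len(nums))
    nums.append(int(rev) if rev else 0)
    return tuple(nums)


def in_range(version: str, ge: str, lt: str) -> bool:
    """True when ge <= version < lt under parse_version's ordering."""
    v = parse_version(version)
    return parse_version(ge) <= v < parse_version(lt)


def matching_entries(version: str) -> list[str]:
    """VuXML IDs from ENTRIES whose ranges cover the given installed version."""
    return [
        vid for vid, ranges in ENTRIES.items()
        if any(in_range(version, ge, lt) for ge, lt in ranges)
    ]


if __name__ == "__main__":
    # Constructed installed versions, not real pkg output.
    for installed in ("17.2.0", "17.2.1", "17.1.10", "17.0.5_1", "11.9.0", "17.3.1"):
        hits = matching_entries(installed)
        status = ", ".join(hits) if hits else "not covered by the entries above"
        print(f"gitlab-ce-{installed}: {status}")
```

On a FreeBSD host the authoritative check is `pkg audit -F`, which fetches the full VuXML database and applies pkg's own version ordering; the script only makes the range semantics of these three entries explicit, for instance that 17.2.1 is fixed for the first entry but still inside the second and third.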