FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-18 00:09:58 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 275ac414-b847-11ef-9877-2cf05da270f3
Description: Gitlab -- Vulnerabilities

Gitlab reports:

Injection of Network Error Logging (NEL) headers in kubernetes proxy response could lead to ATO abusing OAuth flows

Denial of Service by repeatedly sending unauthenticated requests for diff-files

CI_JOB_TOKEN could be used to obtain GitLab session

Open redirect in releases API

Client-Side Path Traversal in Harbor artifact links

HTML injection in vulnerability details could lead to Cross Site Scripting

Leak branch names of projects with confidential repository

Non member can view unresolved threads marked as internal notes

Uncontrolled Resource Consumption through a maliciously crafted file

Certain sensitive information passed as literals inside GraphQL mutations retained in GraphQL logs

Information disclosure of confidential incidents details to a group member in Gitlab Wiki

Domain Confusion in GitLab Pages Unique Domain Implementation


Discovery: 2024-12-11
Entry: 2024-12-12
Packages: gitlab-ce, gitlab-ee
Affected versions:
>= 17.6.0 < 17.6.2
>= 17.5.0 < 17.5.4
>= 9.4.0 < 17.4.6

CVE-2024-11274
CVE-2024-8233
CVE-2024-9387
CVE-2024-8647
CVE-2024-8179
CVE-2024-8116
CVE-2024-8650
CVE-2024-9367
CVE-2024-12292
CVE-2024-10043
https://about.gitlab.com/releases/2024/12/11/patch-release-gitlab-17-6-2-released/