FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-01-25 14:24:43 UTC

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
3b14b2b4-9014-11ee-98b3-001b217b3468 | Gitlab -- Vulnerabilities

Gitlab reports:

XSS and ReDoS in Markdown via Banzai pipeline of Jira

Members with admin_group_member custom permission can add members with higher role

Release Description visible in public projects despite release set as project members only through atom response

Manipulate the repository content in the UI (CVE-2023-3401 bypass)

External user can abuse policy bot to gain access to internal projects

Client-side DOS via Mermaid Flowchart

Developers can update pipeline schedules to use protected branches even if they don't have permission to merge

Users can install Composer packages from public projects even when Package registry is turned off

Unauthorized member can gain Allowed to push and merge access and affect integrity of protected branches

Guest users can react (emojis) on confidential work items which they can't see in a project


Discovery 2023-11-30
Entry 2023-12-01
gitlab-ce
>= 16.6.0, < 16.6.1

>= 16.5.0, < 16.5.3

>= 8.13.0, < 16.4.3

CVE-2023-6033
CVE-2023-6396
CVE-2023-3949
CVE-2023-5226
CVE-2023-5995
CVE-2023-4912
CVE-2023-4317
CVE-2023-3964
CVE-2023-4658
CVE-2023-3443
https://about.gitlab.com/releases/2023/11/30/security-release-gitlab-16-6-1-released/