FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-09-13 07:13:07 UTC

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: acb4eab6-3f6d-11ef-8657-001b217b3468
Description: Gitlab -- vulnerabilities

Gitlab reports:

An attacker can run pipeline jobs as an arbitrary user

Developer user with admin_compliance_framework permission can change group URL

Admin push rules custom role allows creation of project level deploy token

Package registry vulnerable to manifest confusion

User with admin_group_member permission can ban group members

Subdomain takeover in GitLab Pages

Discovery: 2024-07-10
Entry: 2024-07-11
Affected packages: gitlab-ce, gitlab-ee
Affected versions:
  >= 17.1.0 and < 17.1.2
  >= 17.0.0 and < 17.0.4
  >= 11.8.0 and < 16.11.6
References:
  CVE-2024-6385
  CVE-2024-5257
  CVE-2024-5470
  CVE-2024-6595
  CVE-2024-2880
  CVE-2024-5528
  https://about.gitlab.com/releases/2024/07/10/patch-release-gitlab-17-1-2-released/
VuXML ID: 24c88add-4a3e-11ef-86d7-001b217b3468
Description: Gitlab -- Vulnerabilities

Gitlab reports:

XSS via the Maven Dependency Proxy

Project level analytics settings leaked in DOM

Reports can access and download job artifacts despite use of settings to prevent it

Direct Transfer - Authorised project/group exports are accessible to other users

Bypassing tag check and branch check through imports

Project Import/Export - Make project/group export files hidden to everyone except user who initiated it

Discovery: 2024-07-24
Entry: 2024-07-25
Affected packages: gitlab-ce, gitlab-ee
Affected versions:
  >= 17.2.0 and < 17.2.1
  >= 17.1.0 and < 17.1.3
  >= 12.0.0 and < 17.0.5
References:
  CVE-2024-5067
  CVE-2024-7057
  CVE-2024-0231
  https://about.gitlab.com/releases/2024/07/24/patch-release-gitlab-17-2-1-released/
VuXML ID: 589de937-343f-11ef-8a7b-001b217b3468
Description: Gitlab -- Vulnerabilities

Gitlab reports:

Run pipelines as any user

Stored XSS injected in imported project's commit notes

CSRF on GraphQL API IntrospectionQuery

Remove search results from public projects with unauthorized repos

Cross window forgery in user application OAuth flow

Project maintainers can bypass group's merge request approval policy

ReDoS via custom built markdown page

Private job artifacts can be accessed by any user

Security fixes for banzai pipeline

ReDoS in dependency linker

Denial of service using a crafted OpenAPI file

Merge request title disclosure

Access issues and epics without having an SSO session

Non project member can promote key results to objectives

Discovery: 2024-06-26
Entry: 2024-06-27
Affected packages: gitlab-ce, gitlab-ee
Affected versions:
  >= 17.1.0 and < 17.1.1
  >= 17.0.0 and < 17.0.3
  >= 1.0.0 and < 16.11.5
References:
  CVE-2024-5655
  CVE-2024-4901
  CVE-2024-4994
  CVE-2024-6323
  CVE-2024-2177
  CVE-2024-5430
  CVE-2024-4025
  CVE-2024-3959
  CVE-2024-4557
  CVE-2024-1493
  CVE-2024-1816
  CVE-2024-2191
  CVE-2024-3115
  CVE-2024-4011
  https://about.gitlab.com/releases/2024/06/26/patch-release-gitlab-17-1-1-released/
VuXML ID: 729008b9-54bf-11ef-a61b-2cf05da270f3
Description: Gitlab -- Vulnerabilities

Gitlab reports:

Privilege Escalation via LFS Tokens Granting Unrestricted Repository Access

Cross project access of Security policy bot

Advanced search ReDoS in highlight for code results

Denial of Service via banzai pipeline

Denial of service using adoc files

ReDoS in RefMatcher when matching branch names using wildcards

Path encoding can cause the Web interface to not render diffs correctly

XSS while viewing raw XHTML files through API

Ambiguous tag name exploitation

Logs disclosing potentially sensitive data in query params

Password bypass on approvals using policy projects

ReDoS when parsing git push

Webhook deletion audit log can preserve auth credentials

Discovery: 2024-08-07
Entry: 2024-08-07
Affected packages: gitlab-ce, gitlab-ee
Affected versions:
  >= 17.2.0 and < 17.2.2
  >= 17.1.0 and < 17.1.4
  >= 12.0.0 and < 17.0.6
References:
  CVE-2024-3035
  CVE-2024-6356
  CVE-2024-5423
  CVE-2024-4210
  CVE-2024-2800
  CVE-2024-6329
  CVE-2024-4207
  CVE-2024-3958
  CVE-2024-4784
  CVE-2024-3114
  CVE-2024-7586
  https://about.gitlab.com/releases/2024/08/07/patch-release-gitlab-17-2-2-released/
VuXML ID: 49ef501c-62b6-11ef-bba5-2cf05da270f3
Description: Gitlab -- vulnerabilities

Gitlab reports:

The GitLab Web Interface Does Not Guarantee Information Integrity When Downloading Source Code from Releases

Denial of Service by importing maliciously crafted GitHub repository

Prompt injection in "Resolve Vulnerability" results in arbitrary command execution in victim's pipeline

An unauthorized user can perform certain actions through GraphQL after a group owner enables IP restrictions

Discovery: 2024-08-21
Entry: 2024-08-25
Affected packages: gitlab-ce, gitlab-ee
Affected versions:
  >= 17.3.0 and < 17.3.1
  >= 17.2.0 and < 17.2.4
  >= 8.2.0 and < 17.1.6
References:
  CVE-2024-6502
  CVE-2024-8041
  CVE-2024-7110
  CVE-2024-3127
  https://about.gitlab.com/releases/2024/08/21/patch-release-gitlab-17-3-1-released/