FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

GitLab -- vulnerabilities

Affected packages
17.5.0 <= gitlab-ce < 17.5.2
17.4.0 <= gitlab-ce < 17.4.4
16.0.0 <= gitlab-ce < 17.3.7
17.5.0 <= gitlab-ee < 17.5.2
17.4.0 <= gitlab-ee < 17.4.4
16.0.0 <= gitlab-ee < 17.3.7

Details

VuXML ID 1eb4d32c-a245-11ef-998c-2cf05da270f3
Discovery 2024-11-13
Entry 2024-11-14

GitLab reports:

Unauthorized access to Kubernetes cluster agent

Device OAuth flow allows for cross window forgery

Denial of Service by importing malicious crafted FogBugz import payload

Stored XSS through javascript URL in Analytics dashboards

HTML injection in vulnerability Code flow could lead to XSS on self hosted instances

Information disclosure through an API endpoint

References

CVE Name CVE-2024-10240
CVE Name CVE-2024-7404
CVE Name CVE-2024-8180
CVE Name CVE-2024-8648
CVE Name CVE-2024-9693
URL https://about.gitlab.com/releases/2024/11/13/patch-release-gitlab-17-5-2-released/