FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

GitLab -- vulnerabilities

Affected packages
17.6.0 <= gitlab-ce < 17.6.1
17.5.0 <= gitlab-ce < 17.5.3
8.12.0 <= gitlab-ce < 17.4.5
17.6.0 <= gitlab-ee < 17.6.1
17.5.0 <= gitlab-ee < 17.5.3
8.12.0 <= gitlab-ee < 17.4.5

Details

VuXML ID 2263ea04-ac81-11ef-998c-2cf05da270f3
Discovery 2024-11-26
Entry 2024-11-27

GitLab reports:

Privilege Escalation via LFS Tokens

DoS through uncontrolled resource consumption when viewing a maliciously crafted cargo.toml file

Unintended Access to Usage Data via Scoped Tokens

GitLab DoS via Harbor registry integration

Resource exhaustion and denial of service with test_report API calls

Streaming endpoint did not invalidate tokens after revocation

References

CVE Name CVE-2024-11668
CVE Name CVE-2024-11669
CVE Name CVE-2024-11828
CVE Name CVE-2024-8114
CVE Name CVE-2024-8177
CVE Name CVE-2024-8237
URL https://about.gitlab.com/releases/2024/11/26/patch-release-gitlab-17-6-1-released/