FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

GitLab -- Multiple Vulnerabilities

Affected packages
15.8.0 <= gitlab-ce < 15.8.1
15.7.0 <= gitlab-ce < 15.7.6
12.4.0 <= gitlab-ce < 15.6.7

Details

VuXML ID ee890be3-a1ec-11ed-a81d-001b217b3468
Discovery 2023-01-31
Entry 2023-02-01

GitLab reports:

Denial of Service via arbitrarily large Issue descriptions

CSRF via file upload allows an attacker to take over a repository

Sidekiq background job DoS by uploading malicious CI job artifact zips

Sidekiq background job DoS by uploading a malicious Helm package

References

CVE Name CVE-2022-3411
CVE Name CVE-2022-3759
CVE Name CVE-2022-4138
CVE Name CVE-2023-0518
URL https://about.gitlab.com/releases/2023/01/31/security-release-gitlab-15-8-1-released/