Gitlab -- vulnerabilities

Affected packages:
  16.7.0 <= gitlab-ce < 16.7.2
  16.6.0 <= gitlab-ce < 16.6.4
  8.13.0 <= gitlab-ce < 16.5.6

VuXML ID: 4c8c2218-b120-11ee-90ec-001b217b3468
Discovery: 2024-01-11
Entry: 2024-01-12

Gitlab reports:

  Account Takeover via Password Reset without user interactions

  Attacker can abuse Slack/Mattermost integrations to execute slash commands as another user

  Bypass CODEOWNERS approval removal

  Workspaces able to be created under different root namespace

  Commit signature validation ignores headers after signature

CVE Name: CVE-2023-2030
CVE Name: CVE-2023-4812
CVE Name: CVE-2023-5356
CVE Name: CVE-2023-6955
CVE Name: CVE-2023-7028