diff options
| author | Matthias Fechner <mfechner@FreeBSD.org> | 2024-04-24 18:22:10 +0000 |
|---|---|---|
| committer | Matthias Fechner <mfechner@FreeBSD.org> | 2024-04-24 18:29:35 +0000 |
| commit | 6dbb66a12e23526f7dc4f43f8c2cf7ae58f4be9f (patch) | |
| tree | f62253c4b908c0927f5281b4964498f9b614526f | |
| parent | 8f7dac72c518bd1de867e78af351a4a7cf02d799 (diff) | |
| download | ports-6dbb66a12e23526f7dc4f43f8c2cf7ae58f4be9f.tar.gz ports-6dbb66a12e23526f7dc4f43f8c2cf7ae58f4be9f.zip | |
security/vuxml: document gitlab vulnerabilities
| -rw-r--r-- | security/vuxml/vuln/2024.xml | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index 9caa6384714f..97d2a1744607 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -1,3 +1,40 @@ + <vuln vid="b857606c-0266-11ef-8681-001b217b3468"> + <topic>Gitlab -- vulnerabilities</topic> + <affects> + <package> + <name>gitlab-ce</name> + <name>gitlab-ee</name> + <range><ge>16.11.0</ge><lt>16.11.1</lt></range> + <range><ge>16.10.0</ge><lt>16.10.4</lt></range> + <range><ge>7.8.0</ge><lt>16.9.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Gitlab reports:</p> + <blockquote cite="https://about.gitlab.com/releases/2024/04/24/patch-release-gitlab-16-11-1-released/"> + <p>GitLab account takeover, under certain conditions, when using Bitbucket as an OAuth provider</p> + <p>Path Traversal leads to DoS and Restricted File Read</p> + <p>Unauthenticated ReDoS in FileFinder when using wildcard filters in project file search</p> + <p>Personal Access Token scopes not honoured by GraphQL subscriptions</p> + <p>Domain based restrictions bypass using a crafted email address</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2024-4024</cvename> + <cvename>CVE-2024-2434</cvename> + <cvename>CVE-2024-2829</cvename> + <cvename>CVE-2024-4006</cvename> + <cvename>CVE-2024-1347</cvename> + <url>https://about.gitlab.com/releases/2024/04/24/patch-release-gitlab-16-11-1-released/</url> + </references> + <dates> + <discovery>2024-04-24</discovery> + <entry>2024-04-24</entry> + </dates> + </vuln> + <vuln vid="bb49f1fa-00da-11ef-92b7-589cfc023192"> <topic>GLPI -- multiple vulnerabilities</topic> <affects> |