git: 4da2b186fe8e - main - security/vuxml: document gitlab vulnerabilities
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 10 Oct 2024 02:47:20 UTC
The branch main has been updated by mfechner: URL: https://cgit.FreeBSD.org/ports/commit/?id=4da2b186fe8e2a208dfc34e05d387b69d20b84a7 commit 4da2b186fe8e2a208dfc34e05d387b69d20b84a7 Author: Matthias Fechner <mfechner@FreeBSD.org> AuthorDate: 2024-10-10 02:46:53 +0000 Commit: Matthias Fechner <mfechner@FreeBSD.org> CommitDate: 2024-10-10 02:46:53 +0000 security/vuxml: document gitlab vulnerabilities --- security/vuxml/vuln/2024.xml | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index 8251468be639..de8c3753ee30 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -1,3 +1,46 @@ + <vuln vid="cc1ac01e-86b0-11ef-9369-2cf05da270f3"> + <topic>Gitlab -- vulnerabilities</topic> + <affects> + <package> + <name>gitlab-ce</name> + <name>gitlab-ee</name> + <range><ge>17.4.0</ge><lt>17.4.2</lt></range> + <range><ge>17.3.0</ge><lt>17.3.5</lt></range> + <range><ge>8.16</ge><lt>17.2.9</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Gitlab reports:</p> + <blockquote cite="https://about.gitlab.com/releases/2024/10/09/patch-release-gitlab-17-4-2-released/"> + <p>Run pipelines on arbitrary branches</p> + <p>An attacker can impersonate arbitrary user</p> + <p>SSRF in Analytics Dashboard</p> + <p>Viewing diffs of MR with conflicts can be slow</p> + <p>HTMLi in OAuth page</p> + <p>Deploy Keys can push changes to an archived repository</p> + <p>Guests can disclose project templates</p> + <p>GitLab instance version disclosed to unauthorized users</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2024-9164</cvename> + <cvename>CVE-2024-8970</cvename> + <cvename>CVE-2024-8977</cvename> + <cvename>CVE-2024-9631</cvename> + <cvename>CVE-2024-6530</cvename> + <cvename>CVE-2024-9623</cvename> + <cvename>CVE-2024-5005</cvename> + <cvename>CVE-2024-9596</cvename> + <url>https://about.gitlab.com/releases/2024/10/09/patch-release-gitlab-17-4-2-released/</url> + </references> + <dates> + <discovery>2024-10-09</discovery> + <entry>2024-10-10</entry> + </dates> + </vuln> + <vuln vid="79b1f4ee-860a-11ef-b2dc-cbccbf25b7ea"> <topic>gitea -- token missing access control for packages</topic> <affects>