FreeBSD VuXML entry FBC2C629-0DC5-11EF-9850-001B217B3468
History: May 08, 2024 - 12:00 a.m.

Gitlab -- vulnerabilities

2024-05-08 00:00:00
vuxml.freebsd.org
Tags: redos, dos, ssrf, csrf, saml sso, api, markdown, denial of service, jwt, confidential issues, export, github importer

CVSS3: 6.5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score: 7.3 High (Confidence: Low)

EPSS: 0.0004 Low (Percentile: 9.0%)

Gitlab reports:

ReDoS in branch search when using wildcards
ReDoS in markdown render pipeline
ReDoS in Discord integrations
ReDoS in Google Chat integration
Denial of Service attack via Pin Menu
DoS by filtering tags and branches via the API
MR approval via CSRF in SAML SSO
Banned user from groups can read issue updates via the API
Require confirmation before linking JWT identity
View confidential issue titles and descriptions of any public project via export
SSRF via GitHub importer
