FreeBSD: 92CD1C03-2940-11EF-BC02-001B217B3468
History: Jun 12, 2024 - 12:00 a.m.

Gitlab -- Vulnerabilities

Published: 2024-06-12 00:00:00
Source: vuxml.freebsd.org
Tags: gitlab, vulnerabilities, redos, ci interpolation, asana integration, xss, content injection, raw xhtml, ios, agentk request validation, kas, panic

CVSS3: 6.5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score: 6.6 Medium (Confidence: Low)

EPSS: 0.0004 Low (Percentile: 15.7%)

Gitlab reports:

ReDoS in gomod dependency linker
ReDoS in CI interpolation (fix bypass)
ReDoS in Asana integration issue mapping when webhook is called
XSS and content injection when viewing raw XHTML files on iOS devices
Missing agentk request validation could cause KAS to panic
