
6 matches found

RedhatCVE
added 2025/05/23 2:5 a.m., 3 views

CVE-2023-6678

An issue has been discovered in GitLab EE affecting all versions before 16.8.6, all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. It was possible for an attacker to cause a denial of service using maliciously crafted content in a junit test report file...

CVSS 6.5, AI score 6.4, EPSS 0.00023
Exploits: 0, References: 1

OSV
added 2024/04/12 12:53 a.m., 26 views

CVE-2023-6678 Inefficient Regular Expression Complexity in GitLab

An issue has been discovered in GitLab EE affecting all versions before 16.8.6, all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. It was possible for an attacker to cause a denial of service using maliciously crafted content in a junit test report file...

CVSS 4.3, AI score 6.1, EPSS 0.00023
Exploits: 0, References: 5

Debian CVE
added 2024/04/12 12:53 a.m., 22 views

CVE-2023-6678

Removed by vendor...

CVSS 6.5, AI score 5.8, EPSS 0.00023
Exploits: 0

Tenable Nessus
added 2024/04/11 12:0 a.m., 22 views

FreeBSD : Gitlab -- Patch Release: 16.10.2, 16.9.4, 16.8.6 (dad6294c-f7c1-11ee-bb77-001b217b3468)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the dad6294c-f7c1-11ee-bb77-001b217b3468 advisory. Gitlab reports: Stored XSS injected in diff viewer; Stored XSS via autocomplete results; Redos...

CVSS 8.7, AI score 5.4, EPSS 0.00686
Exploits: 2, References: 6

FreeBSD
added 2024/04/10 12:0 a.m., 26 views

Gitlab -- Patch Release: 16.10.2, 16.9.4, 16.8.6

Gitlab reports: Stored XSS injected in diff viewer; Stored XSS via autocomplete results; Redos on Integrations Chat Messages; Redos During Parse Junit Test Report...

CVSS 8.7, AI score 6, EPSS 0.00686
Exploits: 2, References: 1

Github Security Blog
added 2023/08/16 3:30 p.m., 27 views

Jenkins Flaky Test Handler Plugin stored cross-site scripting vulnerability

Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents. Flaky Test Handler Plugin 1.2.3 escapes...

CVSS 5.4, AI score 5.6, EPSS 0.05763
Exploits: 0, References: 4, Affected Software: 1