FreeBSD: VID-CDB5338D-04EC-11EE-9C88-001B217B3468 (CVE-2023-0508): Gitlab -- Vulnerability

Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: Jun 5, 2023
Added: Jun 7, 2023
Modified: Jan 28, 2025

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From VID-CDB5338D-04EC-11EE-9C88-001B217B3468:

Gitlab reports:

Stored-XSS with CSP-bypass in Merge requests
ReDoS via FrontMatterFilter in any Markdown fields
ReDoS via InlineDiffFilter in any Markdown fields
ReDoS via DollarMathPostFilter in Markdown fields
DoS via malicious test report artifacts
Restricted IP addresses can clone repositories of public projects
Reflected XSS in Report Abuse Functionality
Privilege escalation from maintainer to owner by importing members from a project
Bypassing tags protection in GitLab
Denial of Service using multiple labels with arbitrarily large descriptions
Ability to use an unverified email for public and commit emails
Open Redirection Through HTTP Response Splitting
Disclosure of issue notes to an unauthorized user when exporting a project
Ambiguous branch name exploitation

Solution

freebsd-upgrade-package-gitlab-ce