FreeBSD: VID-6e0ebb4a-5e75-11ee-a365-001b217b3468 (CVE-2023-0989): Gitlab -- vulnerabilities

Attacker can add other projects policy bot as member to their own project and use that bot to trigger pipelines in victims project Group import allows impersonation of users in CI pipelines Developers can bypass code owners approval by changing a MR's base branch Leaking source code of restricted project through a fork Third party library Consul requires enable-script-checks to be False to enable patch Service account not deleted when namespace is deleted allowing access to internal projects Enforce SSO settings bypassed for public projects for Members without identity Removed project member can write to protected branches Unauthorised association of CI jobs for Machine Learning experiments Force pipelines to not have access to protected variables and will likely fail using tags Maintainer can create a fork relationship between existing projects Disclosure of masked CI variables via processing CI/CD configuration of forks Asset Proxy Bypass using non-ASCII character in asset URI Unauthorized member can gain Allowed to push and merge access and affect integrity of protected branches Removed Developer can continue editing the source code of a public project A project reporter can leak owner's Sentry instance projects Math rendering in markdown can escape container and hijack clicks