FreeBSD: VID-f7c5b3a9-b9fb-11ed-99c6-001b217b3468 (CVE-2023-1084): Gitlab -- Multiple Vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 3 | (AV:N/AC:L/Au:M/C:N/I:P/A:N) | Mar 3, 2023 | Mar 5, 2023 | Mar 25, 2026 |
Description
Gitlab reports:

- Stored XSS via Kroki diagram
- Prometheus integration Google IAP details are not hidden, may leak account details from instance/group/project settings
- Improper validation of SSO and SCIM tokens while managing groups
- Maintainer can leak Datadog API key by changing Datadog site
- Clipboard based XSS in the title field of work items
- Improper user right checks for personal snippets
- Release Description visible in public projects despite release set as project members only
- Group integration settings sensitive information exposed to project maintainers
- Improve pagination limits for commits
- Gitlab Open Redirect Vulnerability
- Maintainer may become an Owner of a project
Solution
freebsd-upgrade-package-gitlab-ce