FreeBSD: VID-fa239535-30f6-11ee-aef9-001b217b3468 (CVE-2023-1210): Gitlab -- Vulnerabilities

Severity: 3
CVSS: (AV:N/AC:M/Au:S/C:P/I:N/A:N)
Published: Aug 2, 2023
Added: Aug 3, 2023
Modified: Dec 10, 2025

Description

Gitlab reports:

- ReDoS via ProjectReferenceFilter in any Markdown fields
- ReDoS via AutolinkFilter in any Markdown fields
- Regex DoS in Harbor Registry search
- Arbitrary read of files owned by the "git" user via malicious tar.gz file upload using GitLab export functionality
- Stored XSS in Web IDE Beta via crafted URL
- securityPolicyProjectAssign mutation does not authorize security policy project ID
- An attacker can run pipeline jobs as arbitrary user
- Possible Pages Unique Domain Overwrite
- Access tokens may have been logged when a query was made to an endpoint
- Reflected XSS via PlantUML diagram
- The main branch of a repository with a specially designed name may allow an attacker to create repositories with malicious code
- Invalid 'start_sha' value on merge requests page may lead to Denial of Service
- Developers can create pipeline schedules on protected branches even if they don't have access to merge
- Potential DOS due to lack of pagination while loading license data
- Leaking emails of newly created users

Solution

freebsd-upgrade-package-gitlab-ce