FreeBSD: VID-3b14b2b4-9014-11ee-98b3-001b217b3468 (CVE-2023-3443): Gitlab -- Vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 3 | (AV:N/AC:M/Au:S/C:N/I:P/A:N) | Dec 1, 2023 | Dec 2, 2023 | Mar 25, 2026 |
Description
Gitlab reports:

- XSS and ReDoS in Markdown via Banzai pipeline of Jira
- Members with admin_group_member custom permission can add members with higher role
- Release Description visible in public projects despite release set as project members only through atom response
- Manipulate the repository content in the UI (CVE-2023-3401 bypass)
- External user can abuse policy bot to gain access to internal projects
- Client-side DoS via Mermaid Flowchart
- Developers can update pipeline schedules to use protected branches even if they don't have permission to merge
- Users can install Composer packages from public projects even when Package registry is turned off
- Unauthorized member can gain Allowed to push and merge access and affect integrity of protected branches
- Guest users can react (emojis) on confidential work items which they can't see in a project
Solution
freebsd-upgrade-package-gitlab-ce