FreeBSD: VID-03bf5157-d145-11ee-acee-001b217b3468 (CVE-2023-6736): Gitlab -- Vulnerabilities

Severity: 7
CVSS: (AV:N/AC:L/Au:S/C:N/I:N/A:C)
Published: Feb 22, 2024
Added: Feb 23, 2024
Modified: Mar 25, 2026

Description

Gitlab reports:

- Stored-XSS in user's profile page
- User with "admin_group_members" permission can invite other groups to gain owner access
- ReDoS issue in the Codeowners reference extractor
- LDAP user can reset password using secondary email and login using direct authentication
- Bypassing group ip restriction settings to access environment details of projects through Environments/Operations Dashboard
- Users with the Guest role can change Custom dashboard projects settings for projects in the victim group
- Group member with sub-maintainer role can change title of shared private deploy keys
- Bypassing approvals of CODEOWNERS

Solution

freebsd-upgrade-package-gitlab-ce