vulnerability

FreeBSD: VID-589de937-343f-11ef-8a7b-001b217b3468 (CVE-2024-1493): Gitlab -- Vulnerabilities

Severity: 7
CVSS: (AV:N/AC:L/Au:S/C:N/I:N/A:C)
Published: Jun 27, 2024
Added: Jun 27, 2024
Modified: Mar 25, 2026

Description

Gitlab reports:

- Run pipelines as any user
- Stored XSS injected in imported project's commit notes
- CSRF on GraphQL API IntrospectionQuery
- Remove search results from public projects with unauthorized repos
- Cross window forgery in user application OAuth flow
- Project maintainers can bypass group's merge request approval policy
- ReDoS via custom built markdown page
- Private job artifacts can be accessed by any user
- Security fixes for banzai pipeline
- ReDoS in dependency linker
- Denial of service using a crafted OpenAPI file
- Merge request title disclosure
- Access issues and epics without having an SSO session
- Non project member can promote key results to objectives

Solutions

- freebsd-upgrade-package-gitlab-ce
- freebsd-upgrade-package-gitlab-ee