vulnerability
FreeBSD: VID-589de937-343f-11ef-8a7b-001b217b3468 (CVE-2024-3959): Gitlab -- Vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:S/C:C/I:N/A:N) | Jun 27, 2024 | Jun 27, 2024 | Dec 10, 2025 |
Severity
7
CVSS
(AV:N/AC:L/Au:S/C:C/I:N/A:N)
Published
Jun 27, 2024
Added
Jun 27, 2024
Modified
Dec 10, 2025
Description
Gitlab reports: Run pipelines as any user Stored XSS injected in imported project's commit notes CSRF on GraphQL API IntrospectionQuery Remove search results from public projects with unauthorized repos Cross window forgery in user application OAuth flow Project maintainers can bypass group's merge request approval policy ReDoS via custom built markdown page Private job artifacts can be accessed by any user Security fixes for banzai pipeline ReDoS in dependency linker Denial of service using a crafted OpenAPI file Merge request title disclosure Access issues and epics without having an SSO session Non project member can promote key results to objectives
Solutions
freebsd-upgrade-package-gitlab-cefreebsd-upgrade-package-gitlab-ee
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.