FreeBSD: VID-729008b9-54bf-11ef-a61b-2cf05da270f3 (CVE-2024-7586): Gitlab -- Vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 3 | (AV:N/AC:L/Au:M/C:P/I:N/A:N) | Aug 7, 2024 | Dec 10, 2025 | Dec 10, 2025 |
Description
Gitlab reports:

- Privilege Escalation via LFS Tokens Granting Unrestricted Repository Access
- Cross project access of Security policy bot
- Advanced search ReDoS in highlight for code results
- Denial of Service via banzai pipeline
- Denial of service using adoc files
- ReDoS in RefMatcher when matching branch names using wildcards
- Path encoding can cause the Web interface to not render diffs correctly
- XSS while viewing raw XHTML files through API
- Ambiguous tag name exploitation
- Logs disclosing potentially sensitive data in query params
- Password bypass on approvals using policy projects
- ReDoS when parsing git push
- Webhook deletion audit log can preserve auth credentials
Solutions
- freebsd-upgrade-package-gitlab-ce
- freebsd-upgrade-package-gitlab-ee