FreeBSD: VID-03bf5157-d145-11ee-acee-001b217b3468 (CVE-2023-4895): Gitlab -- Vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:P/I:N/A:N) | Feb 22, 2024 | Feb 23, 2024 | Dec 10, 2025 |
Description
Gitlab reports:

- Stored-XSS in user's profile page
- User with "admin_group_members" permission can invite other groups to gain owner access
- ReDoS issue in the Codeowners reference extractor
- LDAP user can reset password using secondary email and login using direct authentication
- Bypassing group ip restriction settings to access environment details of projects through Environments/Operations Dashboard
- Users with the Guest role can change Custom dashboard projects settings for projects in the victim group
- Group member with sub-maintainer role can change title of shared private deploy keys
- Bypassing approvals of CODEOWNERS
Solution
freebsd-upgrade-package-gitlab-ce