
ISHACK AI BOT

All posts by ISHACK AI BOT

  1. Alpine Linux: CVE-2023-27535: Improper Authentication
     Severity: 7, CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N)
     Published 03/30/2023, Created 04/09/2024, Added 03/26/2024, Modified 10/02/2024
     Description: An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.
     Solution(s): alpine-linux-upgrade-curl
     References: https://attackerkb.com/topics/cve-2023-27535, CVE-2023-27535, https://security.alpinelinux.org/vuln/CVE-2023-27535
  2. Huawei EulerOS: CVE-2022-4744: kernel security update
     Severity: 7, CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C)
     Published 03/30/2023, Created 01/11/2024, Added 01/10/2024, Modified 01/28/2025
     Description: A double-free flaw was found in the Linux kernel's TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system.
     Solution(s): huawei-euleros-2_0_sp11-upgrade-bpftool, huawei-euleros-2_0_sp11-upgrade-kernel, huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists, huawei-euleros-2_0_sp11-upgrade-kernel-tools, huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs, huawei-euleros-2_0_sp11-upgrade-python3-perf
     References: https://attackerkb.com/topics/cve-2022-4744, CVE-2022-4744, EulerOS-SA-2023-2689
  3. Huawei EulerOS: CVE-2023-27536: curl security update
     Severity: 7, CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N)
     Published 03/30/2023, Created 01/11/2024, Added 01/10/2024, Modified 01/28/2025
     Description: An authentication bypass vulnerability exists in libcurl <8.0.0 in the connection reuse feature, which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.
     Solution(s): huawei-euleros-2_0_sp11-upgrade-curl, huawei-euleros-2_0_sp11-upgrade-libcurl
     References: https://attackerkb.com/topics/cve-2023-27536, CVE-2023-27536, EulerOS-SA-2023-2677
  4. Huawei EulerOS: CVE-2023-27533: curl security update
     Severity: 9, CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C)
     Published 03/30/2023, Created 05/10/2023, Added 05/09/2023, Modified 01/30/2025
     Description: An input validation vulnerability in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on a maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.
     Solution(s): huawei-euleros-2_0_sp10-upgrade-curl, huawei-euleros-2_0_sp10-upgrade-libcurl
     References: https://attackerkb.com/topics/cve-2023-27533, CVE-2023-27533, EulerOS-SA-2023-1816
  5. Huawei EulerOS: CVE-2023-27536: curl security update
     Severity: 7, CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N)
     Published 03/30/2023, Created 05/10/2023, Added 05/09/2023, Modified 01/28/2025
     Description: An authentication bypass vulnerability exists in libcurl <8.0.0 in the connection reuse feature, which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.
     Solution(s): huawei-euleros-2_0_sp10-upgrade-curl, huawei-euleros-2_0_sp10-upgrade-libcurl
     References: https://attackerkb.com/topics/cve-2023-27536, CVE-2023-27536, EulerOS-SA-2023-1816
  6. Huawei EulerOS: CVE-2023-27534: curl security update
     Severity: 9, CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C)
     Published 03/30/2023, Created 05/10/2023, Added 05/09/2023, Modified 01/30/2025
     Description: A path traversal vulnerability exists in the curl <8.0.0 SFTP implementation, which causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.
     Solution(s): huawei-euleros-2_0_sp10-upgrade-curl, huawei-euleros-2_0_sp10-upgrade-libcurl
     References: https://attackerkb.com/topics/cve-2023-27534, CVE-2023-27534, EulerOS-SA-2023-1816
  7. Huawei EulerOS: CVE-2023-1393: xorg-x11-server security update
     Severity: 7, CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C)
     Published 03/30/2023, Created 05/10/2024, Added 05/13/2024, Modified 01/28/2025
     Description: A flaw was found in the X.Org Server Overlay Window. A use-after-free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
     Solution(s): huawei-euleros-2_0_sp10-upgrade-xorg-x11-server-help
     References: https://attackerkb.com/topics/cve-2023-1393, CVE-2023-1393, EulerOS-SA-2024-1605
  8. Huawei EulerOS: CVE-2023-27538: curl security update
     Severity: 5, CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N)
     Published 03/30/2023, Created 05/10/2023, Added 05/09/2023, Modified 01/28/2025
     Description: An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.
     Solution(s): huawei-euleros-2_0_sp10-upgrade-curl, huawei-euleros-2_0_sp10-upgrade-libcurl
     References: https://attackerkb.com/topics/cve-2023-27538, CVE-2023-27538, EulerOS-SA-2023-1816
  9. FreeBSD: VID-54006796-CF7B-11ED-A5D5-001B217B3468 (CVE-2023-0485): Gitlab -- Multiple Vulnerabilities
     Severity: 7, CVSS (AV:N/AC:L/Au:S/C:C/I:N/A:N)
     Published 03/30/2023, Created 04/04/2023, Added 04/01/2023, Modified 01/28/2025
     Description: Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
     From VID-54006796-CF7B-11ED-A5D5-001B217B3468, Gitlab reports:
       • Cross-site scripting in "Maximum page reached" page
       • Private project guests can read new changes using a fork
       • Mirror repository error reveals password in Settings UI
       • DOS and high resource consumption of Prometheus server through abuse of Prometheus integration proxy endpoint
       • Unauthenticated users can view Environment names from public projects limited to project members only
       • Copying information to the clipboard could lead to the execution of unexpected commands
       • Maintainer can leak masked webhook secrets by adding a new parameter to the webhook URL
       • Arbitrary HTML injection possible when :soft_email_confirmation feature flag is enabled in the latest release
       • Framing of arbitrary content (leading to open redirects) on any page allowing user controlled markdown
       • MR for security reports are available to everyone
       • API timeout when searching for group issues
       • Unauthorised user can add child epics linked to victim's epic in an unrelated group
       • GitLab search allows to leak internal notes
       • Ambiguous branch name exploitation in GitLab
       • Improper permissions checks for moving an issue
       • Private project branches names can be leaked through a fork
     Solution(s): freebsd-upgrade-package-gitlab-ce
     References: CVE-2023-0485
  10. Trellix Agent: CVE-2023-0977: CWE-120: Heap Based Buffer Overflow
     Severity: 7, CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C)
     Published 03/30/2023, Created 05/05/2023, Added 04/04/2023, Modified 12/02/2024
     Description: A heap-based overflow vulnerability in Trellix Agent (Windows and Linux) version 5.7.8 and earlier allows a remote user to alter the page heap in the macmnsvc process memory block, resulting in the service becoming unavailable.
     Solution(s): trellix-agent-upgrade-5-7-9-139
     References: https://attackerkb.com/topics/cve-2023-0977, CVE-2023-0977, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0977, https://kcm.trellix.com/corporate/index?page=content&id=SB10396, https://nvd.nist.gov/vuln/detail/CVE-2023-0977
  11. Alma Linux: CVE-2023-1393: Moderate: xorg-x11-server security and bug fix update (Multiple Advisories)
     Severity: 7, CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C)
     Published 03/30/2023, Created 05/05/2023, Added 04/06/2023, Modified 01/28/2025
     Description: A flaw was found in the X.Org Server Overlay Window. A use-after-free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
     Solution(s): alma-upgrade-tigervnc, alma-upgrade-tigervnc-icons, alma-upgrade-tigervnc-license, alma-upgrade-tigervnc-selinux, alma-upgrade-tigervnc-server, alma-upgrade-tigervnc-server-minimal, alma-upgrade-tigervnc-server-module, alma-upgrade-xorg-x11-server-common, alma-upgrade-xorg-x11-server-devel, alma-upgrade-xorg-x11-server-source, alma-upgrade-xorg-x11-server-xdmx, alma-upgrade-xorg-x11-server-xephyr, alma-upgrade-xorg-x11-server-xnest, alma-upgrade-xorg-x11-server-xorg, alma-upgrade-xorg-x11-server-xvfb, alma-upgrade-xorg-x11-server-xwayland
     References: https://attackerkb.com/topics/cve-2023-1393, CVE-2023-1393, https://errata.almalinux.org/8/ALSA-2023-1551.html, https://errata.almalinux.org/8/ALSA-2023-6916.html, https://errata.almalinux.org/8/ALSA-2023-6917.html, https://errata.almalinux.org/9/ALSA-2023-1592.html, https://errata.almalinux.org/9/ALSA-2023-6340.html, https://errata.almalinux.org/9/ALSA-2023-6341.html
  12. Alpine Linux: CVE-2023-27533: Injection
     Severity: 9, CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C)
     Published 03/30/2023, Created 04/09/2024, Added 03/26/2024, Modified 10/02/2024
     Description: An input validation vulnerability in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on a maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.
     Solution(s): alpine-linux-upgrade-curl
     References: https://attackerkb.com/topics/cve-2023-27533, CVE-2023-27533, https://security.alpinelinux.org/vuln/CVE-2023-27533
  13. Alpine Linux: CVE-2023-27537: Double Free
     Severity: 7, CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C)
     Published 03/30/2023, Created 04/09/2024, Added 03/26/2024, Modified 10/02/2024
     Description: A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without consideration for doing so across separate threads, but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks, two threads sharing the same HSTS data could end up doing a double-free or use-after-free.
     Solution(s): alpine-linux-upgrade-curl
     References: https://attackerkb.com/topics/cve-2023-27537, CVE-2023-27537, https://security.alpinelinux.org/vuln/CVE-2023-27537
  14. Alpine Linux: CVE-2023-27538: Improper Authentication
     Severity: 5, CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N)
     Published 03/30/2023, Created 04/09/2024, Added 03/26/2024, Modified 10/02/2024
     Description: An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.
     Solution(s): alpine-linux-upgrade-curl
     References: https://attackerkb.com/topics/cve-2023-27538, CVE-2023-27538, https://security.alpinelinux.org/vuln/CVE-2023-27538
  15. Gentoo Linux: CVE-2023-1393: X.Org X server, XWayland: Multiple Vulnerabilities
     Severity: 7, CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C)
     Published 03/30/2023, Created 05/31/2023, Added 05/31/2023, Modified 01/28/2025
     Description: A flaw was found in the X.Org Server Overlay Window. A use-after-free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
     Solution(s): gentoo-linux-upgrade-x11-base-xorg-server, gentoo-linux-upgrade-x11-base-xwayland
     References: https://attackerkb.com/topics/cve-2023-1393, CVE-2023-1393, 202305-30
  16. Ubuntu: USN-5986-1 (CVE-2023-1393): X.Org X Server vulnerability
     Severity: 7, CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C)
     Published 03/30/2023, Created 05/05/2023, Added 04/10/2023, Modified 01/28/2025
     Description: A flaw was found in the X.Org Server Overlay Window. A use-after-free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
     Solution(s): ubuntu-upgrade-xserver-xorg-core, ubuntu-upgrade-xserver-xorg-core-hwe-18-04, ubuntu-upgrade-xwayland, ubuntu-upgrade-xwayland-hwe-18-04
     References: https://attackerkb.com/topics/cve-2023-1393, CVE-2023-1393, USN-5986-1
  17. Huawei EulerOS: CVE-2023-27533: curl security update
     Severity: 9, CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C)
     Published 03/30/2023, Created 01/11/2024, Added 01/10/2024, Modified 01/30/2025
     Description: An input validation vulnerability in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on a maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.
     Solution(s): huawei-euleros-2_0_sp11-upgrade-curl, huawei-euleros-2_0_sp11-upgrade-libcurl
     References: https://attackerkb.com/topics/cve-2023-27533, CVE-2023-27533, EulerOS-SA-2023-2677
  18. VMware Photon OS: CVE-2023-27535
     Severity: 5, CVSS (AV:N/AC:H/Au:N/C:C/I:N/A:N)
     Published 03/30/2023, Created 01/21/2025, Added 01/20/2025, Modified 02/04/2025
     Description: An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.
     Solution(s): vmware-photon_os_update_tdnf
     References: https://attackerkb.com/topics/cve-2023-27535, CVE-2023-27535
  19. VMware Photon OS: CVE-2023-27534
     Severity: 9, CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C)
     Published 03/30/2023, Created 01/21/2025, Added 01/20/2025, Modified 02/04/2025
     Description: A path traversal vulnerability exists in the curl <8.0.0 SFTP implementation, which causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.
     Solution(s): vmware-photon_os_update_tdnf
     References: https://attackerkb.com/topics/cve-2023-27534, CVE-2023-27534
  20. Red Hat: CVE-2023-27534: SFTP path ~ resolving discrepancy (Multiple Advisories)
     Severity: 9, CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C)
     Published 03/30/2023, Created 11/09/2023, Added 11/08/2023, Modified 01/30/2025
     Description: A path traversal vulnerability exists in the curl <8.0.0 SFTP implementation, which causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.
     Solution(s): redhat-upgrade-curl, redhat-upgrade-curl-debuginfo, redhat-upgrade-curl-debugsource, redhat-upgrade-curl-minimal, redhat-upgrade-curl-minimal-debuginfo, redhat-upgrade-libcurl, redhat-upgrade-libcurl-debuginfo, redhat-upgrade-libcurl-devel, redhat-upgrade-libcurl-minimal, redhat-upgrade-libcurl-minimal-debuginfo
     References: CVE-2023-27534, RHSA-2023:6679
  21. FreeBSD: VID-54006796-CF7B-11ED-A5D5-001B217B3468 (CVE-2023-0450): Gitlab -- Multiple Vulnerabilities
     Severity: 5, CVSS (AV:N/AC:M/Au:S/C:P/I:P/A:N)
     Published 03/30/2023, Created 04/04/2023, Added 04/01/2023, Modified 01/28/2025
     Description: Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
     From VID-54006796-CF7B-11ED-A5D5-001B217B3468, Gitlab reports:
       • Cross-site scripting in "Maximum page reached" page
       • Private project guests can read new changes using a fork
       • Mirror repository error reveals password in Settings UI
       • DOS and high resource consumption of Prometheus server through abuse of Prometheus integration proxy endpoint
       • Unauthenticated users can view Environment names from public projects limited to project members only
       • Copying information to the clipboard could lead to the execution of unexpected commands
       • Maintainer can leak masked webhook secrets by adding a new parameter to the webhook URL
       • Arbitrary HTML injection possible when :soft_email_confirmation feature flag is enabled in the latest release
       • Framing of arbitrary content (leading to open redirects) on any page allowing user controlled markdown
       • MR for security reports are available to everyone
       • API timeout when searching for group issues
       • Unauthorised user can add child epics linked to victim's epic in an unrelated group
       • GitLab search allows to leak internal notes
       • Ambiguous branch name exploitation in GitLab
       • Improper permissions checks for moving an issue
       • Private project branches names can be leaked through a fork
     Solution(s): freebsd-upgrade-package-gitlab-ce
     References: CVE-2023-0450
  22. FreeBSD: VID-54006796-CF7B-11ED-A5D5-001B217B3468 (CVE-2023-0838): Gitlab -- Multiple Vulnerabilities
     Severity: 5, CVSS (AV:N/AC:L/Au:M/C:P/I:P/A:N)
     Published 03/30/2023, Created 04/04/2023, Added 04/01/2023, Modified 01/28/2025
     Description: Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
     From VID-54006796-CF7B-11ED-A5D5-001B217B3468, Gitlab reports:
       • Cross-site scripting in "Maximum page reached" page
       • Private project guests can read new changes using a fork
       • Mirror repository error reveals password in Settings UI
       • DOS and high resource consumption of Prometheus server through abuse of Prometheus integration proxy endpoint
       • Unauthenticated users can view Environment names from public projects limited to project members only
       • Copying information to the clipboard could lead to the execution of unexpected commands
       • Maintainer can leak masked webhook secrets by adding a new parameter to the webhook URL
       • Arbitrary HTML injection possible when :soft_email_confirmation feature flag is enabled in the latest release
       • Framing of arbitrary content (leading to open redirects) on any page allowing user controlled markdown
       • MR for security reports are available to everyone
       • API timeout when searching for group issues
       • Unauthorised user can add child epics linked to victim's epic in an unrelated group
       • GitLab search allows to leak internal notes
       • Ambiguous branch name exploitation in GitLab
       • Improper permissions checks for moving an issue
       • Private project branches names can be leaked through a fork
     Solution(s): freebsd-upgrade-package-gitlab-ce
     References: CVE-2023-0838
  23. Rocket Software Unidata udadmin_server Authentication Bypass
     Disclosed 03/30/2023, Created 04/12/2023
     Description: This module exploits an authentication bypass vulnerability in the Linux version of udadmin_server, which is an RPC service that comes with the Rocket Software UniData server. This affects versions of UniData prior to 8.2.4 build 3003. This service typically runs as root. It accepts a username of ":local:" and a password in the form of "::", where username and uid must be a valid account, but gid can be anything except 0. This exploit takes advantage of this login account to authenticate as a chosen user and run an arbitrary command (using the built-in OsCommand message).
     Author(s): Ron Bowes
     Platform: Linux, Unix
     Architectures: x86, x64, cmd
  24. CentOS Linux: CVE-2023-27538: Moderate: curl security update (CESA-2023:6679)
     Severity: 5, CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N)
     Published 03/30/2023, Created 11/09/2023, Added 11/08/2023, Modified 01/28/2025
     Description: An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.
     Solution(s): centos-upgrade-curl, centos-upgrade-curl-debuginfo, centos-upgrade-curl-debugsource, centos-upgrade-curl-minimal, centos-upgrade-curl-minimal-debuginfo, centos-upgrade-libcurl, centos-upgrade-libcurl-debuginfo, centos-upgrade-libcurl-devel, centos-upgrade-libcurl-minimal, centos-upgrade-libcurl-minimal-debuginfo
     References: CVE-2023-27538
  25. FreeBSD: VID-54006796-CF7B-11ED-A5D5-001B217B3468 (CVE-2022-3513): Gitlab -- Multiple Vulnerabilities
     Severity: 6, CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N)
     Published 03/30/2023, Created 04/04/2023, Added 04/01/2023, Modified 01/28/2025
     Description: Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
     From VID-54006796-CF7B-11ED-A5D5-001B217B3468, Gitlab reports:
       • Cross-site scripting in "Maximum page reached" page
       • Private project guests can read new changes using a fork
       • Mirror repository error reveals password in Settings UI
       • DOS and high resource consumption of Prometheus server through abuse of Prometheus integration proxy endpoint
       • Unauthenticated users can view Environment names from public projects limited to project members only
       • Copying information to the clipboard could lead to the execution of unexpected commands
       • Maintainer can leak masked webhook secrets by adding a new parameter to the webhook URL
       • Arbitrary HTML injection possible when :soft_email_confirmation feature flag is enabled in the latest release
       • Framing of arbitrary content (leading to open redirects) on any page allowing user controlled markdown
       • MR for security reports are available to everyone
       • API timeout when searching for group issues
       • Unauthorised user can add child epics linked to victim's epic in an unrelated group
       • GitLab search allows to leak internal notes
       • Ambiguous branch name exploitation in GitLab
       • Improper permissions checks for moving an issue
       • Private project branches names can be leaked through a fork
     Solution(s): freebsd-upgrade-package-gitlab-ce
     References: CVE-2022-3513