Published on March 6

FreeBSD: VID-F7C5B3A9-B9FB-11ED-99C6-001B217B3468 (CVE-2022-4289): Gitlab -- Multiple Vulnerabilities

Severity: 4
CVSS: (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published: 03/02/2023
Created: 03/07/2023
Added: 03/05/2023
Modified: 01/28/2025

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From VID-F7C5B3A9-B9FB-11ED-99C6-001B217B3468:

Gitlab reports:
- Stored XSS via Kroki diagram
- Prometheus integration Google IAP details are not hidden, may leak account details from instance/group/project settings
- Improper validation of SSO and SCIM tokens while managing groups
- Maintainer can leak Datadog API key by changing Datadog site
- Clipboard based XSS in the title field of work items
- Improper user right checks for personal snippets
- Release Description visible in public projects despite release set as project members only
- Group integration settings sensitive information exposed to project maintainers
- Improve pagination limits for commits
- Gitlab Open Redirect Vulnerability
- Maintainer may become an Owner of a project

Solution(s)
- freebsd-upgrade-package-gitlab-ce

References
- CVE-2022-4289