GitLab reports:

- 1-click account takeover via XSS in the code editor in gitlab.com
- A DOS vulnerability in the 'description' field of the runner
- CSRF via K8s cluster-integration
- Using Set Pipeline Status of a Commit API incorrectly create a new pipeline when SHA and pipeline_id did not match
- Redos on wiki render API/Page
- Resource exhaustion and denial of service with test_report API calls
- Guest user can view dependency lists of private projects through job artifacts
- Stored XSS via…
GitLab — Vulnerabilities

