The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 589de937-343f-11ef-8a7b-001b217b3468 advisory. Gitlab reports: Run pipelines as any user Stored XSS injected in imported project's commit notes CSRF on GraphQL API IntrospectionQuery Remove search results from public projects with unauthorized repos Cross window forgery in user application OAuth flow Project maintainers can bypass group's merge request approval policy ReDoS via custom built markdown page Private job artifacts can be accessed by any user Security fixes for banzai pipeline ReDoS in dependency linker Denial of service using a crafted OpenAPI file Merge request title disclosure Access issues and epics without having an SSO session Non project member can promote key results to objectives Tenable has extracted the preceding description block directly from the FreeBSD security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version…Read More
References
Back to Main