FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

GitLab -- multiple vulnerabilities

Affected packages
14.8.0 <= gitlab-ce < 14.8.2
14.7.0 <= gitlab-ce < 14.7.4
0 <= gitlab-ce < 14.6.5

Details

VuXML ID 2823048d-9f8f-11ec-8c9c-001b217b3468
Discovery 2022-02-25
Entry 2022-03-09

GitLab reports:

Runner registration token disclosure through Quick Actions

Unprivileged users can add other users to groups through an API endpoint

Inaccurate display of Snippet contents can be potentially misleading to users

Environment variables can be leaked via the sendmail delivery method

Unauthenticated user enumeration on GraphQL API

Adding a mirror with SSH credentials can leak password

Denial of Service via user comments

References

CVE Name CVE-2021-4191
CVE Name CVE-2022-0489
CVE Name CVE-2022-0549
CVE Name CVE-2022-0735
CVE Name CVE-2022-0738
CVE Name CVE-2022-0741
CVE Name CVE-2022-0751
URL https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/