FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Gitlab -- Multiple vulnerabilities

Affected packages
13.8.0 <= gitlab-ce < 13.8.2
13.7.0 <= gitlab-ce < 13.7.6
11.8 <= gitlab-ce < 13.6.6

Details

VuXML ID 66d1c277-652a-11eb-bb3f-001b217b3468
Discovery 2021-02-01
Entry 2021-02-02

Gitlab reports:

Stored XSS in merge request

Stored XSS in epic's pages

Sensitive GraphQL variables exposed in structured log

Guest user can see tag names in private projects

Information disclosure via error message

DNS rebinding protection bypass

Validate existence of private project

[source]

References

CVE Name CVE-2021-22169
CVE Name CVE-2021-22172
URL https://about.gitlab.com/blog/2021/02/01/security-release-gitlab-13-8-2-released/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.