FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Gitlab -- Vulnerabilities

Affected packages
14.2.0 <= gitlab-ce < 14.2.2
14.1.0 <= gitlab-ce < 14.1.4
0 <= gitlab-ce < 14.0.9

Details

VuXML ID 6c22bb39-0a9a-11ec-a265-001b217b3468
Discovery 2021-08-31
Entry 2021-08-31

Gitlab reports:

Stored XSS in DataDog Integration

Invited group members continue to have project access even after invited group is deleted

Specially crafted requests to apollo_upload_server middleware leads to denial of service

Privilege escalation of an external user through project token

Missing access control allows non-admin users to add/remove Jira Connect Namespaces

User enumeration on private instances

Member e-mails can be revealed via project import/export feature

Stored XSS in Jira integration

Stored XSS in markdown via the Design reference

References

CVE Name CVE-2021-22238
CVE Name CVE-2021-22257
CVE Name CVE-2021-22258
URL https://about.gitlab.com/releases/2021/08/31/security-release-gitlab-14-2-2-released/