FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Gitlab -- Multiple vulnerabilities

Affected packages
13.9.0	<=	gitlab-ce	<	13.9.2
13.8.0	<=	gitlab-ce	<	13.8.5
		gitlab-ce	<	13.7.8

Details

VuXML ID	8bf856ea-7df7-11eb-9aad-001b217b3468
Discovery	2021-03-04
Entry	2021-03-05

Gitlab reports:

JWT token leak via Workhorse

Stored XSS in wiki pages

Group Maintainers are able to use the Group CI/CD Variables API

Insecure storage of GitLab session keys

[source]

References

CVE Name	CVE-2021-22185
CVE Name	CVE-2021-22186
URL	https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/