FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

GitLab -- Vulnerabilities

Affected packages
13.11.0 <= gitlab-ce < 13.11.2
13.10.0 <= gitlab-ce < 13.10.4
11.6.0 <= gitlab-ce < 13.9.7

Details

VuXML ID 518a119c-a864-11eb-8ddb-001b217b3468
Discovery 2021-04-28
Entry 2021-04-28

GitLab reports:

Read API scoped tokens can execute mutations

Pull mirror credentials were exposed

Denial of Service when querying repository branches API

Non-owners can set system_note_timestamp when creating / updating issues

DeployToken will impersonate a User with the same ID when using Dependency Proxy

References

CVE Name CVE-2021-22206
CVE Name CVE-2021-22208
CVE Name CVE-2021-22209
CVE Name CVE-2021-22210
CVE Name CVE-2021-22211
URL https://about.gitlab.com/releases/2021/04/28/security-release-gitlab-13-11-2-released/