FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Gitlab -- multiple vulnerabilities

Affected packages
15.0.0 <= gitlab-ce < 15.0.1
14.10.0 <= gitlab-ce < 14.10.4
11.10.0 <= gitlab-ce < 14.9.5

Details

VuXML ID f414d69f-e43d-11ec-9ea4-001b217b3468
Discovery 2022-06-01
Entry 2022-06-04

Gitlab reports:

Account take over via SCIM email change

Stored XSS in Jira integration

Quick action commands susceptible to XSS

IP allowlist bypass when using Trigger tokens

IP allowlist bypass when using Project Deploy Tokens

Improper authorization in the Interactive Web Terminal

Subgroup member can list members of parent group

Group member lock bypass

References

CVE Name CVE-2022-1680
CVE Name CVE-2022-1783
CVE Name CVE-2022-1821
CVE Name CVE-2022-1935
CVE Name CVE-2022-1936
CVE Name CVE-2022-1940
CVE Name CVE-2022-1944
CVE Name CVE-2022-1948
URL https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/