diff options
author | Matthias Fechner <mfechner@FreeBSD.org> | 2021-08-31 20:37:57 +0000 |
---|---|---|
committer | Matthias Fechner <mfechner@FreeBSD.org> | 2021-08-31 21:20:14 +0000 |
commit | 3e9e0373d4e7c3a5c491809499c49b6300bd8db5 (patch) | |
tree | d227b7f45e4f86fe371a19aa964dfcd004180480 | |
parent | 6c36e93dee44b9258d2cb071eee5c0097d8ae9d8 (diff) | |
download | ports-3e9e0373d4e7c3a5c491809499c49b6300bd8db5.tar.gz ports-3e9e0373d4e7c3a5c491809499c49b6300bd8db5.zip |
security/vuxml: Document gitlab vulnerabilities
-rw-r--r-- | security/vuxml/vuln-2021.xml | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml index c570b179aaf4..05558c5ee1cf 100644 --- a/security/vuxml/vuln-2021.xml +++ b/security/vuxml/vuln-2021.xml @@ -1,3 +1,41 @@ + <vuln vid="6c22bb39-0a9a-11ec-a265-001b217b3468"> + <topic>Gitlab -- Vulnerabilities</topic> + <affects> + <package> + <name>gitlab-ce</name> + <range><ge>14.2.0</ge><lt>14.2.2</lt></range> + <range><ge>14.1.0</ge><lt>14.1.4</lt></range> + <range><ge>0</ge><lt>14.0.9</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Gitlab reports:</p> + <blockquote cite="https://about.gitlab.com/releases/2021/08/31/security-release-gitlab-14-2-2-released/"> + <p>Stored XSS in DataDog Integration</p> + <p>Invited group members continue to have project access even after invited group is deleted</p> + <p>Specially crafted requests to apollo_upload_server middleware leads to denial of service</p> + <p>Privilege escalation of an external user through project token</p> + <p>Missing access control allows non-admin users to add/remove Jira Connect Namespaces</p> + <p>User enumeration on private instances</p> + <p>Member e-mails can be revealed via project import/export feature</p> + <p>Stored XSS in Jira integration</p> + <p>Stored XSS in markdown via the Design reference</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2021-22257</cvename> + <cvename>CVE-2021-22258</cvename> + <cvename>CVE-2021-22238</cvename> + <url>https://about.gitlab.com/releases/2021/08/31/security-release-gitlab-14-2-2-released/</url> + </references> + <dates> + <discovery>2021-08-31</discovery> + <entry>2021-08-31</entry> + </dates> + </vuln> + <vuln vid="1d6410e8-06c1-11ec-a35d-03ca114d16d6"> <topic>fetchmail -- STARTTLS bypass vulnerabilities</topic> <affects> |