FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Gitlab -- Multiple Vulnerabilities

Affected packages
14.4.0 <= gitlab-ce < 14.4.1
14.3.0 <= gitlab-ce < 14.3.4
0 <= gitlab-ce < 14.2.6


VuXML ID 33557582-3958-11ec-90ba-001b217b3468
Discovery 2021-10-28
Entry 2021-10-30

Gitlab reports:

Stored XSS via ipynb files

Pipeline schedules on imported projects can be set to automatically active after import

Potential Denial of service via Workhorse

Improper Access Control allows Merge Request creator to bypass locked status

Projects API discloses ID and name of private groups

Severity of an incident can be changed by a guest user

System root password accidentally written to log file

Potential DoS via a malformed TIFF image

Bypass of CODEOWNERS Merge Request approval requirement

Change project visibility to a restricted option

Project exports leak external webhook token value

SCIM token is visible after creation

Invited group members, with access inherited from parent group, continue to have project access even after invited subgroup is transfered

Regular expression denial of service issue when cleaning namespace path

Prevent creation of scopeless apps using applications API

Webhook data exposes assignee's private email address


CVE Name CVE-2021-39895
CVE Name CVE-2021-39897
CVE Name CVE-2021-39898
CVE Name CVE-2021-39901
CVE Name CVE-2021-39902
CVE Name CVE-2021-39903
CVE Name CVE-2021-39904
CVE Name CVE-2021-39905
CVE Name CVE-2021-39906
CVE Name CVE-2021-39907
CVE Name CVE-2021-39909
CVE Name CVE-2021-39911
CVE Name CVE-2021-39912
CVE Name CVE-2021-39913
CVE Name CVE-2021-39914