Gitlab -- Multiple Vulnerabilities

Affected packages
14.0.0 <= gitlab-ce < 14.0.2
13.12.0 <= gitlab-ce < 13.12.6
8.0.0 <= gitlab-ce < 13.11.6
VuXML ID 8ba8278d-db06-11eb-ba49-001b217b3468
Discovery 2021-07-01
Entry 2021-07-02

GitLab reports:

- DoS using Webhook connections
- CSRF on GraphQL API allows executing mutations through GET requests
- Private projects information disclosure
- Denial of service of user profile page
- Single sign-on users not getting blocked
- Some users can push to Protected Branch with Deploy keys
- A deactivated user can access data through GraphQL
- Reflected XSS in release edit page
- Clipboard DOM-based XSS
- Stored XSS on Audit Log
- Forks of public projects by project members could leak codebase
- Improper text rendering
- HTML Injection in full name field