GitLab -- Multiple vulnerabilities

Affected packages
13.9.0 <= gitlab-ce < 13.9.2
13.8.0 <= gitlab-ce < 13.8.5
gitlab-ce < 13.7.8


VuXML ID 8bf856ea-7df7-11eb-9aad-001b217b3468
Discovery 2021-03-04
Entry 2021-03-05

GitLab reports:

JWT token leak via Workhorse

Stored XSS in wiki pages

Group Maintainers are able to use the Group CI/CD Variables API

Insecure storage of GitLab session keys


CVE Name CVE-2021-22185
CVE Name CVE-2021-22186