FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

GitLab -- Multiple vulnerabilities

Affected packages
13.9.0 <= gitlab-ce < 13.9.2
13.8.0 <= gitlab-ce < 13.8.5
gitlab-ce < 13.7.8

Details

VuXML ID 8bf856ea-7df7-11eb-9aad-001b217b3468
Discovery 2021-03-04
Entry 2021-03-05

GitLab reports:

JWT token leak via Workhorse

Stored XSS in wiki pages

Group Maintainers are able to use the Group CI/CD Variables API

Insecure storage of GitLab session keys

References

CVE Name CVE-2021-22185
CVE Name CVE-2021-22186
URL https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/