FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
1d651770-f4f5-11eb-ba49-001b217b3468Gitlab -- Gitlab

Gitlab reports:

Stored XSS in Mermaid when viewing Markdown files

Stored XSS in default branch name

Perform Git actions with an impersonation token even if impersonation is disabled

Tag and branch name confusion allows Developer to access protected CI variables

New subscriptions generate OAuth tokens on an incorrect OAuth client application

Ability to list and delete impersonation tokens for your own user

Pipelines page is partially visible for users that have no right to see CI/CD

Improper email validation on an invite URL

Unauthorised user was able to add meta data upon issue creation

Unauthorized user can trigger deployment to a protected environment

Guest in private project can see CI/CD Analytics

Guest users can create issues for Sentry errors and track their status

Private user email disclosure via group invitation

Projects are allowed to add members with email address domain that should be blocked by group settings

Misleading username could lead to impersonation in using SSH Certificates

Unauthorized user is able to access and view project vulnerability reports

Denial of service in repository caused by malformed commit author


Discovery 2021-08-03
Entry 2021-08-04
gitlab-ce
ge 14.1.0 lt 14.1.2

ge 14.0.0 lt 14.0.7

ge 0 lt 13.12.9

CVE-2021-22237
CVE-2021-22236
CVE-2021-22239
https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/