FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 1d651770-f4f5-11eb-ba49-001b217b3468
Description: Gitlab -- Gitlab

Gitlab reports:

Stored XSS in Mermaid when viewing Markdown files

Stored XSS in default branch name

Perform Git actions with an impersonation token even if impersonation is disabled

Tag and branch name confusion allows Developer to access protected CI variables

New subscriptions generate OAuth tokens on an incorrect OAuth client application

Ability to list and delete impersonation tokens for your own user

Pipelines page is partially visible for users that have no right to see CI/CD

Improper email validation on an invite URL

Unauthorised user was able to add meta data upon issue creation

Unauthorized user can trigger deployment to a protected environment

Guest in private project can see CI/CD Analytics

Guest users can create issues for Sentry errors and track their status

Private user email disclosure via group invitation

Projects are allowed to add members with email address domain that should be blocked by group settings

Misleading username could lead to impersonation in using SSH Certificates

Unauthorized user is able to access and view project vulnerability reports

Denial of service in repository caused by malformed commit author


Discovery: 2021-08-03
Entry: 2021-08-04

Affected package: gitlab-ce
ge 14.1.0 lt 14.1.2
ge 14.0.0 lt 14.0.7
ge 0 lt 13.12.9

CVE-2021-22237
CVE-2021-22236
CVE-2021-22239
https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/