Date: Tue, 31 Aug 2021 21:20:24 GMT From: Matthias Fechner <mfechner@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 3e9e0373d4e7 - main - security/vuxml: Document gitlab vulnerabilities Message-ID: <202108312120.17VLKOJH059167@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by mfechner: URL: https://cgit.FreeBSD.org/ports/commit/?id=3e9e0373d4e7c3a5c491809499c49b6300bd8db5 commit 3e9e0373d4e7c3a5c491809499c49b6300bd8db5 Author: Matthias Fechner <mfechner@FreeBSD.org> AuthorDate: 2021-08-31 20:37:57 +0000 Commit: Matthias Fechner <mfechner@FreeBSD.org> CommitDate: 2021-08-31 21:20:14 +0000 security/vuxml: Document gitlab vulnerabilities --- security/vuxml/vuln-2021.xml | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml index c570b179aaf4..05558c5ee1cf 100644 --- a/security/vuxml/vuln-2021.xml +++ b/security/vuxml/vuln-2021.xml @@ -1,3 +1,41 @@ + <vuln vid="6c22bb39-0a9a-11ec-a265-001b217b3468"> + <topic>Gitlab -- Vulnerabilities</topic> + <affects> + <package> + <name>gitlab-ce</name> + <range><ge>14.2.0</ge><lt>14.2.2</lt></range> + <range><ge>14.1.0</ge><lt>14.1.4</lt></range> + <range><ge>0</ge><lt>14.0.9</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Gitlab reports:</p> + <blockquote cite="https://about.gitlab.com/releases/2021/08/31/security-release-gitlab-14-2-2-released/">; + <p>Stored XSS in DataDog Integration</p> + <p>Invited group members continue to have project access even after invited group is deleted</p> + <p>Specially crafted requests to apollo_upload_server middleware leads to denial of service</p> + <p>Privilege escalation of an external user through project token</p> + <p>Missing access control allows non-admin users to add/remove Jira Connect Namespaces</p> + <p>User enumeration on private instances</p> + <p>Member e-mails can be revealed via project import/export feature</p> + <p>Stored XSS in Jira integration</p> + <p>Stored XSS in markdown via the Design reference</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2021-22257</cvename> + <cvename>CVE-2021-22258</cvename> + <cvename>CVE-2021-22238</cvename> + <url>https://about.gitlab.com/releases/2021/08/31/security-release-gitlab-14-2-2-released/</url>; + </references> + <dates> + <discovery>2021-08-31</discovery> + <entry>2021-08-31</entry> + </dates> + </vuln> + <vuln vid="1d6410e8-06c1-11ec-a35d-03ca114d16d6"> <topic>fetchmail -- STARTTLS bypass vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202108312120.17VLKOJH059167>