FreeBSD: VID-A2A2B34D-52B4-11EB-87CB-001B217B3468 (CVE-2021-22166): Gitlab -- multiple vulnerabilities

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: Jan 7, 2021
Added: Jan 10, 2021
Modified: Mar 8, 2021

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.


From VID-A2A2B34D-52B4-11EB-87CB-001B217B3468:

Gitlab reports:

Ability to steal a user's API access token through GitLab Pages
Prometheus denial of service via HTTP request with custom method
Unauthorized user is able to access private repository information under specific conditions
Regular expression denial of service in NuGet API
Regular expression denial of service in package uploads
Update curl dependency
CVE-2019-3881 mitigation




Solution

freebsd-upgrade-package-gitlab-ce