FreeBSD: VID-66D1C277-652A-11EB-BB3F-001B217B3468 (CVE-2021-22169): Gitlab -- Multiple vulnerabilities

Severity: 4
CVSS: (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published: 2021-02-01
Added: 2021-02-03
Modified: 2021-03-29

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.


From VID-66D1C277-652A-11EB-BB3F-001B217B3468:

Gitlab reports:

- Stored XSS in merge request
- Stored XSS in epic's pages
- Sensitive GraphQL variables exposed in structured log
- Guest user can see tag names in private projects
- Information disclosure via error message
- DNS rebinding protection bypass
- Validate existence of private project

Solution

freebsd-upgrade-package-gitlab-ce