vulnerability
FreeBSD: VID-66D1C277-652A-11EB-BB3F-001B217B3468 (CVE-2021-22169): Gitlab -- Multiple vulnerabilities
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
4 | (AV:N/AC:L/Au:S/C:P/I:N/A:N) | 2021-02-01 | 2021-02-03 | 2021-03-29 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published
2021-02-01
Added
2021-02-03
Modified
2021-03-29
Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
From VID-66D1C277-652A-11EB-BB3F-001B217B3468:
Gitlab reports:
Stored XSS in merge request
Stored XSS in epic's pages
Sensitive GraphQL variables exposed in structured log
Guest user can see tag names in private projects
Information disclosure via error message
DNS rebinding protection bypass
Validate existence of private project
Solution
freebsd-upgrade-package-gitlab-ce
References

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.