FreeBSD: VID-1d651770-f4f5-11eb-ba49-001b217b3468 (CVE-2021-22236): Gitlab -- Gitlab
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:S/C:P/I:P/A:P) | Aug 4, 2021 | Nov 4, 2022 | Dec 10, 2025 |
Description
Gitlab reports:

- Stored XSS in Mermaid when viewing Markdown files
- Stored XSS in default branch name
- Perform Git actions with an impersonation token even if impersonation is disabled
- Tag and branch name confusion allows Developer to access protected CI variables
- New subscriptions generate OAuth tokens on an incorrect OAuth client application
- Ability to list and delete impersonation tokens for your own user
- Pipelines page is partially visible for users that have no right to see CI/CD
- Improper email validation on an invite URL
- Unauthorised user was able to add meta data upon issue creation
- Unauthorized user can trigger deployment to a protected environment
- Guest in private project can see CI/CD Analytics
- Guest users can create issues for Sentry errors and track their status
- Private user email disclosure via group invitation
- Projects are allowed to add members with email address domain that should be blocked by group settings
- Misleading username could lead to impersonation in using SSH Certificates
- Unauthorized user is able to access and view project vulnerability reports
- Denial of service in repository caused by malformed commit author
Solution
freebsd-upgrade-package-gitlab-ce