AVG-1648

Package gitlab
Status Fixed
Severity Medium
Type multiple issues
Affected 13.9.1-1
Fixed 13.9.2-1
Current 14.2.3-1 [community]
Ticket None
Created Fri Mar 5 00:02:28 2021
Issue Severity Remote Type Description
CVE-2021-22186 Medium Yes Access restriction bypass
An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group...
CVE-2021-22185 Medium Yes Cross-site scripting
Insufficient input sanitization in wikis in GitLab version 13.8 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a...
References
https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/
Notes
There are two more issues in this announcement for which a CVE has been requested but not yet assigned.