AVG-1648 log
| Package | gitlab |
| Status | Fixed |
| Severity | Medium |
| Type | multiple issues |
| Affected | 13.9.1-1 |
| Fixed | 13.9.2-1 |
| Current | 17.8.0-1 [extra] |
| Ticket | None |
| Created | Fri Mar 5 00:02:28 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-22186 | Medium | Yes | Access restriction bypass | An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group... |
| CVE-2021-22185 | Medium | Yes | Cross-site scripting | Insufficient input sanitization in wikis in GitLab version 13.8 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a... |
| References |
|---|
https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/ |
| Notes |
|---|
There are two more issues in this announcement for which a CVE has been requested, but has not been assigned yet. |