AVG-1770 log

Package gitlab
Status Fixed
Severity Critical
Type multiple issues
Affected 13.9.4-1
Fixed 13.10.1-1
Current 14.2.3-1 [community]
Ticket None
Created Sat Apr 3 09:03:52 2021
Issue Severity Remote Type Description
CVE-2021-22203 High Yes Arbitrary filesystem access
An issue has been discovered in GitLab CE/EE affecting all versions starting with 13.7.9. A specially crafted Wiki page allowed attackers to read arbitrary...
CVE-2021-22202 Low Yes Cross-site request forgery
An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a cross-site request...
CVE-2021-22201 Critical Yes Directory traversal
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server. The...
CVE-2021-22200 Medium Yes Information disclosure
An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Under a special condition it was possible to access data of an...
CVE-2021-22199 Low Yes Cross-site scripting
An issue has been discovered in GitLab affecting all versions starting with 12.9. GitLab was vulnerable to a stored cross-site scripting (XSS) attack if...
CVE-2021-22198 Medium Yes Access restriction bypass
An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an authenticated user to delete incident metric images of...
CVE-2021-22197 Low Yes Denial of service
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exists when an authenticated user with specific...
CVE-2021-22196 Medium Yes Cross-site scripting
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. It was possible to exploit a stored cross-site-scripting in merge...