AVG-2251 log

Package gitlab
Status Fixed
Severity High
Type multiple issues
Affected 14.1.1-1
Fixed 14.1.2-1
Current 14.10.2-1 [community]
Ticket None
Created Tue Aug 3 20:13:20 2021
Issue Severity Remote Type Description
CVE-2021-22241 High Yes Cross-site scripting
An issue has been discovered in GitLab affecting all versions starting from 13.4 and before 14.1.2. It was possible to exploit a stored cross-site-scripting...
CVE-2021-22239 Medium Yes Access restriction bypass
An unauthorized user was able to insert metadata when creating a new issue on GitLab 14.0 and later before version 14.1.2.
CVE-2021-22237 Medium Yes Access restriction bypass
Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. This...
CVE-2021-22236 Medium Yes Incorrect calculation
Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is...
Date Advisory Package Type
10 Aug 2021 ASA-202108-7 gitlab multiple issues
References
https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/
Notes
The advisory contains 13 more security issues for which a CVE ID has been request, but has not been assigned yet.