AVG-2604 log
Package | gitlab |
Status | Not affected |
Severity | Medium |
Type | multiple issues |
Affected | 14.5.0-1 |
Fixed | Not affected |
Current | 17.7.0-1 [extra] |
Ticket | None |
Created | Tue Dec 7 09:39:11 2021 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2021-39930 | Medium | Yes | Information disclosure | Missing authorization in GitLab EE before version 14.5.2 allowed an attacker to access a user's custom project and group templates. |
CVE-2021-39918 | Low | Yes | Access restriction bypass | Incorrect Authorization in GitLab EE affecting all versions before version 14.5.2 allows a user to add comments to a vulnerability which cannot be accessed. |
CVE-2021-39916 | Medium | Yes | Information disclosure | Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status... |