AVG-2604 log
| Package | gitlab |
| Status | Not affected |
| Severity | Medium |
| Type | multiple issues |
| Affected | 14.5.0-1 |
| Fixed | Not affected |
| Current | 18.5.0-1 [extra] |
| Ticket | None |
| Created | Tue Dec 7 09:39:11 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-39930 | Medium | Yes | Information disclosure | Missing authorization in GitLab EE before version 14.5.2 allowed an attacker to access a user's custom project and group templates. |
| CVE-2021-39918 | Low | Yes | Access restriction bypass | Incorrect Authorization in GitLab EE affecting all versions before version 14.5.2 allows a user to add comments to a vulnerability which cannot be accessed. |
| CVE-2021-39916 | Medium | Yes | Information disclosure | Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status... |