AVG-2604 log

Package gitlab
Status Not affected
Severity Medium
Type multiple issues
Affected 14.5.0-1
Fixed Not affected
Current 14.10.2-1 [community]
Ticket None
Created Tue Dec 7 09:39:11 2021
Issue Severity Remote Type Description
CVE-2021-39930 Medium Yes Information disclosure
Missing authorization in GitLab EE before version 14.5.2 allowed an attacker to access a user's custom project and group templates.
CVE-2021-39918 Low Yes Access restriction bypass
Incorrect Authorization in GitLab EE affecting all versions before version 14.5.2 allows a user to add comments to a vulnerability which cannot be accessed.
CVE-2021-39916 Medium Yes Information disclosure
Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status...