CVE-2021-22238 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Cross-site scripting
Description	An issue has been discovered in GitLab affecting all versions starting with 13.3. GitLab was vulnerable to a stored cross-site scripting (XSS) attack by using the design feature in issues.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2335	gitlab	14.2.1-1	14.2.2-1	Medium	Fixed

References
https://about.gitlab.com/releases/2021/08/31/security-release-gitlab-14-2-2-released/#stored-xss-in-markdown-via-the-design-reference https://gitlab.com/gitlab-org/gitlab/-/issues/332420 https://hackerone.com/reports/1212067

References

https://about.gitlab.com/releases/2021/08/31/security-release-gitlab-14-2-2-released/#stored-xss-in-markdown-via-the-design-reference
https://gitlab.com/gitlab-org/gitlab/-/issues/332420
https://hackerone.com/reports/1212067