[ASA-202108-7] gitlab: multiple issues

🗓️ 10 Aug 2021 00:00:00Reported by ArchLinuxType

gitlab: multiple issues including XSS, access restriction bypass, and incorrect calculation. Upgrade to version 14.1.2-

Reporter	Title	Published	Views	Family All 71
FreeBSD	Gitlab -- Gitlab	3 Aug 202100:00	–	freebsd
Circl	CVE-2021-22236	25 Aug 202122:26	–	circl
Circl	CVE-2021-22237	25 Aug 202122:25	–	circl
Circl	CVE-2021-22239	9 Sep 202118:29	–	circl
CNNVD	GitLab 输入验证错误漏洞	4 Aug 202100:00	–	cnnvd
CNNVD	GitLab 访问控制错误漏洞	4 Aug 202100:00	–	cnnvd
CNNVD	GitLab 授权问题漏洞	4 Aug 202100:00	–	cnnvd
CNNVD	GitLab 跨站脚本漏洞	5 Aug 202100:00	–	cnnvd
Check Point Advisories	GitLab Community and Enterprise Cross-Site Scripting (CVE-2021-22241)	30 Dec 202100:00	–	checkpoint_advisories
CVE	CVE-2021-22236	25 Aug 202118:39	–	cve

OS	OS Version	Architecture	Package	Package Version	Filename
Arch Linux	–	any	gitlab	14.1.2-1	gitlab-14.1.2-1-any.pkg.tar.zst

Source	Link
security	www.security.archlinux.org/AVG-2251
about	www.about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/
about	www.about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/
about	www.about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/
about	www.about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/
about	www.about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/
gitlab	www.gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22241.json
gitlab	www.gitlab.com/gitlab-org/gitlab/-/issues/336460
hackerone	www.hackerone.com/reports/1256777
security	www.security.archlinux.org/CVE-2021-22236

10 Aug 2021 00:00Current

1Low risk

Vulners AI Score1

CVSS 26.5

CVSS 3.18.7 - 8.8

EPSS0.00225