2 matches found
CVE-2021-22209
GitLab CE/EE (versions 13.8 and later) contains CVE-2021-22209, where GraphQL mutations could be executed due to insufficient authorization token validation. This allowed unauthorized GraphQL mutations on affected instances. Remediation and fixes have been released in GitLab updates: 13.11.2, 13....
FreeBSD : Gitlab -- Vulnerabilities (518a119c-a864-11eb-8ddb-001b217b3468)
Gitlab reports : Read API scoped tokens can execute mutations Pull mirror credentials were exposed Denial of Service when querying repository branches API Non-owners can set systemnotetimestamp when creating / updating issues DeployToken will impersonate a User with the same ID when using...