4 matches found
CVE-2021-22226
Under certain conditions, some users were able to push to protected branches that were restricted to deploy keys in GitLab CE/EE since version 13.9...
CVE-2021-22226
CVE-2021-22226 affects GitLab CE/EE where, under certain conditions, users could push to protected branches restricted to deploy keys. The fixed versions are GitLab 13.11.6, 13.12.6, and 14.0.2 (the issue exists in earlier 13.x/14.x releases). Impact centers on unintended bypass of branch protect...
GitLab Access Control Error Vulnerability
GitLab is a self-hosted Git repository management application built with Ruby on Rails by the American company GitLab. It can be used to access a project's file contents, commit history, bug lists, and more. An access control error vulnerability exists in GitLab...
GitLab: Exposure of a valid Gitlab-Workhorse JWT leading to various bad things
Summary: Using the State Uploading API we could potentially do a bad thing: - Bypass Gitlab::Workhorse.verify_api_request! This was due to the fact that Workhorse cleans the URL before passing it to Rails (this is elaborated in 923027), and the State API reads request.body to append it as a file!...