CVE-2021-22186
https://notcve.org/view.php?id=CVE-2021-22186
An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners. • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22186.json https://gitlab.com/gitlab-org/gitlab/-/issues/321653 • CWE-863: Incorrect Authorization
CVE-2021-22185
https://notcve.org/view.php?id=CVE-2021-22185
Insufficient input sanitization in wikis in GitLab version 13.8 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted commit to a wiki. • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22185.json https://gitlab.com/gitlab-org/gitlab/-/issues/299143 https://hackerone.com/reports/1087061 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-22192
https://notcve.org/view.php?id=CVE-2021-22192
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server. • https://github.com/EXP-Docs/CVE-2021-22192 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22192.json https://gitlab.com/gitlab-org/gitlab/-/issues/324452 https://hackerone.com/reports/1125425
CVE-2021-22183
https://notcve.org/view.php?id=CVE-2021-22183
An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions. • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22183.json https://gitlab.com/gitlab-org/gitlab/-/issues/294176 https://hackerone.com/reports/1055814 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-22189
https://notcve.org/view.php?id=CVE-2021-22189
Starting with version 13.7, the GitLab CE/EE editions were affected by a security issue related to the validation of the certificates for the Fortinet OTP that could result in authentication issues. • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22189.json https://gitlab.com/gitlab-org/gitlab/-/issues/296557 • CWE-295: Improper Certificate Validation