CVE-2021-22167: GitLab vulnerability

5 documents, 5 sources
Severity: 7.5 HIGH (NVD)
EPSS: 0.2% (top 51.92%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jan 15
Latest update: May 24

Description

An issue has been discovered in GitLab affecting all versions starting from 12.1. Incorrect headers in a specific project page allow an attacker to have temporary read access to the private repository.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (4 packages)

NVD | gitlab/gitlab | 12.1.0 | 13.5.6 | +2
debian | debian/gitlab | < gitlab 15.10.8+ds1-2 (sid)
CVEListV5 | gitlab/gitlab | >=12.1, <13.5.6, >=13.6, <13.6.4, >=13.7, <13.7.2 | +2
gitlab | gitlab/gitlab

🔴 Vulnerability Details (2)

GHSA
GHSA-q84m-97hf-554f: An issue has been discovered in GitLab affecting all versions starting from 12 (2022-05-24)
OSV
CVE-2021-22167: An issue has been discovered in GitLab affecting all versions starting from 12 (2021-01-15)

📋 Vendor Advisories (2)

GitLab
CVE-2021-22167: An issue has been discovered in GitLab affecting all versions starting from 12.1. Incorrect headers in specific project page allows attacker to have a (2021-01-15)
Debian
CVE-2021-22167: gitlab - An issue has been discovered in GitLab affecting all versions starting from 12.1... (2021)