CVE-2021-22215 — Resource Exposure in Gitlab

CWE-668 — Resource Exposure4 documents4 sources

Severity

2.7LOWNVD

EPSS

0.2%

top 57.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab EE

Timeline

PublishedJun 8

Latest updateMay 24

Description

An information disclosure vulnerability in GitLab EE versions 13.11 and later allowed a project owner to leak information about the members' on-call rotations in other projects

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages5 packages

▶NVDgitlab/gitlab13.11.0 — 13.11.5+1

▶CVEListV5gitlab/gitlab>=13.11, <13.11.5, >=13.12, <13.12.2+1

▶debiandebian/gitlab

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ee

🔴Vulnerability Details

GHSA

GHSA-m8j6-rg22-ww2f: An information disclosure vulnerability in GitLab EE versions 13↗2022-05-24

▶

📋Vendor Advisories

GitLab

CVE-2021-22215: An information disclosure vulnerability in GitLab EE versions 13.11 and later allowed a project owner to leak information about the members' on-call r↗2021-06-08

▶

Debian

CVE-2021-22215: gitlab - An information disclosure vulnerability in GitLab EE versions 13.11 and later al...↗2021

▶