CVE-2021-22224: Cross-Site Request Forgery in GitLab

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.4% (top 40.92%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jul 7
Latest update: May 24

Description

A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to call mutations as the victim.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (4 packages)

NVD: gitlab/gitlab 13.12.0 to 13.12.6 (+1)
debian: debian/gitlab < gitlab 15.10.8+ds1-2 (sid)
CVEListV5: gitlab/gitlab >=13.12, <13.12.6; >=14.0, <14.0.2 (+1)
gitlab: gitlab/gitlab

🔴Vulnerability Details (2)

GHSA
GHSA-3f26-542m-36hv: A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13... (2022-05-24)
OSV
CVE-2021-22224: A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13... (2021-07-07)

📋Vendor Advisories (2)

GitLab
CVE-2021-22224: A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker... (2021-07-07)
Debian
CVE-2021-22224: gitlab - A cross-site request forgery vulnerability in the GraphQL API in GitLab since ve... (2021)