CVE-2021-22239Incorrect Authorization in Gitlab

CWE-863Incorrect Authorization5 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 62.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
GitlabDebian GitlabGitlab CE
Timeline
PublishedSep 9
Latest updateMay 24

Description

An unauthorized user was able to insert metadata when creating new issue on GitLab CE/EE 14.0 and later.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages5 packages

NVDgitlab/gitlab14.0.014.0.7+1
debiandebian/gitlab< gitlab 15.10.8+ds1-2 (sid)
CVEListV5gitlab/gitlab>=14.0, <14.0.7, >=14.1, <14.1.2+1
gitlabgitlab/gitlab

🔴Vulnerability Details

2
GHSA
GHSA-7gxg-937v-gfc4: An unauthorized user was able to insert metadata when creating new issue on GitLab CE/EE 142022-05-24
OSV
CVE-2021-22239: An unauthorized user was able to insert metadata when creating new issue on GitLab CE/EE 142021-09-09

📋Vendor Advisories

2
GitLab
CVE-2021-22239: An unauthorized user was able to insert metadata when creating new issue on GitLab CE/EE 14.0 and later.2021-09-09
Debian
CVE-2021-22239: gitlab - An unauthorized user was able to insert metadata when creating new issue on GitL...2021