CVE-2021-22240

CWE-863 — Incorrect Authorization5 documents5 sources

Severity

4.3MEDIUM

EPSS

0.2%

top 54.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Gitlab Gitlab Gitlab EE

Timeline

PublishedAug 5

Latest updateMay 24

Description

Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14.0.2 allows users to be created via single sign on despite user cap being enabled

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 1.6 | Impact: 2.5

Affected Packages2 packages

▶NVDgitlab/gitlab13.7.0 — 13.11.6+2

▶CVEListV5gitlab/gitlab_ee>=13.12, <13.12.6, >=13.7, <13.11.6, >=14.0, <14.0.2+2

🔴Vulnerability Details

GHSA

GHSA-79vw-576r-jwjv: Improper access control in GitLab EE versions 13↗2022-05-24

▶

CVEList

CVE-2021-22240: Improper access control in GitLab EE versions 13↗2021-08-05

▶

📋Vendor Advisories

GitLab

CVE-2021-22240: Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14.0.2 allows users to be created via single sign on despite user cap being enable↗2021-08-05

▶

Debian

CVE-2021-22240: gitlab - Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14.0.2 allow...↗2021

▶