CVE-2021-22247Incorrect Authorization in Gitlab

CWE-863Incorrect Authorization5 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 52.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
GitlabDebian GitlabGitlab CE
Timeline
PublishedAug 25
Latest updateMay 24

Description

Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows guests in private projects to view CI/CD analytics

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages5 packages

NVDgitlab/gitlab13.0.013.12.9+2
debiandebian/gitlab< gitlab 15.10.8+ds1-2 (sid)
CVEListV5gitlab/gitlab>=13.0, <13.12.9, >=14.0, <14.0.7, >=14.1, <14.1.2+2
gitlabgitlab/gitlab

🔴Vulnerability Details

2
GHSA
GHSA-fhrq-2vr4-f65r: Improper authorization in GitLab CE/EE affecting all versions since 132022-05-24
OSV
CVE-2021-22247: Improper authorization in GitLab CE/EE affecting all versions since 132021-08-25

📋Vendor Advisories

2
GitLab
CVE-2021-22247: Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows guests in private projects to view CI/CD analytics2021-08-25
Debian
CVE-2021-22247: gitlab - Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows ...2021