CVE-2021-22262Incorrect Authorization in Gitlab

CWE-863Incorrect Authorization5 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 63.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GitlabDebian Gitlab
Timeline
PublishedOct 5
Latest updateMay 24

Description

Missing access control in all GitLab versions starting from 13.12 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 with Jira Cloud integration enabled allows Jira users without administrative privileges to add and remove Jira Connect Namespaces via the GitLab.com for Jira Cloud application configuration page

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

NVDgitlab/gitlab13.12.014.0.9+2
debiandebian/gitlab< gitlab 15.10.8+ds1-2 (sid)
CVEListV5gitlab/gitlab>=13.12, <14.0.9, >=14.1, <14.1.4, >=14.2, <14.2.2+2
gitlabgitlab/gitlab

🔴Vulnerability Details

2
GHSA
GHSA-j34f-v6r4-25vh: Missing access control in GitLab version 132022-05-24
OSV
CVE-2021-22262: Missing access control in all GitLab versions starting from 132021-10-05

📋Vendor Advisories

2
GitLab
CVE-2021-22262: Missing access control in all GitLab versions starting from 13.12 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions start2021-10-05
Debian
CVE-2021-22262: gitlab - Missing access control in all GitLab versions starting from 13.12 before 14.0.9,...2021