CVE-2021-22263Improper Privilege Management in Gitlab

CWE-269Improper Privilege Management5 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 57.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GitlabDebian Gitlab
Timeline
PublishedOct 11
Latest updateMay 24

Description

An issue has been discovered in GitLab affecting all versions starting from 13.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. A user account with 'external' status which is granted 'Maintainer' role on any project on the GitLab instance where 'project tokens' are allowed may elevate its privilege to 'Internal' and access Internal projects.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:NExploitability: 1.2 | Impact: 5.2

Affected Packages4 packages

NVDgitlab/gitlab13.0.014.0.9+2
debiandebian/gitlab< gitlab 15.10.8+ds1-2 (sid)
CVEListV5gitlab/gitlab>=13.0, <14.0.9, >=14.1, <14.1.4, >=14.2, <14.2.2+2
gitlabgitlab/gitlab

🔴Vulnerability Details

2
GHSA
GHSA-prvv-j9vx-7x9q: An issue has been discovered in GitLab affecting all versions starting from 132022-05-24
OSV
CVE-2021-22263: An issue has been discovered in GitLab affecting all versions starting from 132021-10-11

📋Vendor Advisories

2
GitLab
CVE-2021-22263: An issue has been discovered in GitLab affecting all versions starting from 13.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all ver2021-10-11
Debian
CVE-2021-22263: gitlab - An issue has been discovered in GitLab affecting all versions starting from 13.0...2021