CVE-2021-22193

Published: Mar 24, 2021Modified: Nov 21, 2024

3.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Exploitability: 2.1 / Impact: 1.4

Source: NVD

Description

An issue has been discovered in GitLab affecting all versions starting with 7.1. A member of a private group was able to validate the use of a specific name for private project.

Affected (6)

Products: Gitlab: Gitlab

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 13.7.0 to 13.7.6
Gitlab Gitlab	From 13.8.0 to 13.8.2
Gitlab Gitlab	From 7.1.0 to 13.6.6
Gitlab Gitlab	From 13.7.0 to 13.7.6
Gitlab Gitlab	From 13.8.0 to 13.8.2
Gitlab Gitlab	From 7.1.0 to 13.6.6

Related CWEs

Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

References (6)

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22193.json

Source: cve@gitlab.com

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/12560

Source: cve@gitlab.com

ExploitThird Party Advisory

https://hackerone.com/reports/605608

Source: cve@gitlab.com

ExploitIssue TrackingThird Party Advisory

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22193.json

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/12560

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://hackerone.com/reports/605608

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.