CVE-2021-22228

Published: Jul 6, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An issue has been discovered in GitLab affecting all versions before 13.11.6, all versions starting from 13.12 before 13.12.6, and all versions starting from 14.0 before 14.0.2. Improper access control allows unauthorised users to access project details using Graphql.

Affected (3)

Products: Gitlab: Gitlab

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	Before 13.11.6
Gitlab Gitlab	From 13.12.0 to 13.12.6
Gitlab Gitlab	From 14.0.0 to 14.0.2

References (6)

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22228.json

Source: cve@gitlab.com

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/332605

Source: cve@gitlab.com

ExploitIssue TrackingPatchVendor Advisory

https://hackerone.com/reports/1192460

Source: cve@gitlab.com

ExploitIssue TrackingThird Party Advisory

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22228.json

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/332605

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchVendor Advisory

https://hackerone.com/reports/1192460

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.