CVE-2021-22254

Published: Aug 20, 2021Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Under very specific conditions a user could be impersonated using Gitlab shell. This vulnerability affects GitLab CE/EE 13.1 and later through 14.1.2, 14.0.7 and 13.12.9.

Affected (6)

Products: Gitlab: Gitlab

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 13.1.0 to 13.12.9
Gitlab Gitlab	From 14.0.0 to 14.0.7
Gitlab Gitlab	From 14.1.0 to 14.1.2
Gitlab Gitlab	From 13.1.0 to 13.12.9
Gitlab Gitlab	From 14.0.0 to 14.0.7
Gitlab Gitlab	From 14.1.0 to 14.1.2

Related CWEs

Improper Encoding or Escaping of Output

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

References (6)

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22254.json

Source: cve@gitlab.com

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/300265

Source: cve@gitlab.com

Broken Link

https://hackerone.com/reports/1087806

Source: cve@gitlab.com

Permissions RequiredThird Party Advisory

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22254.json

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/300265

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://hackerone.com/reports/1087806

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

Timeline

No history available yet.