← Back

CVE-2021-22263

nvd nist
Published: Oct 11, 2021Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Exploitability: 1.2 / Impact: 5.2
Source: NVD

Description

An issue has been discovered in GitLab affecting all versions starting from 13.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. A user account with 'external' status which is granted 'Maintainer' role on any project on the GitLab instance where 'project tokens' are allowed may elevate its privilege to 'Internal' and access Internal projects.

Affected (6)

Products: Gitlab: Gitlab
Gitlab
1 product
Gitlab
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Gitlab
Gitlab
From 13.0.0 to 14.0.9
Gitlab
From 14.1.0 to 14.1.4
Gitlab
From 14.2.0 to 14.2.2
Gitlab
From 13.0.0 to 14.0.9
Gitlab
From 14.1.0 to 14.1.4
Gitlab
From 14.2.0 to 14.2.2

Related CWEs

CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (6)

Source: cve@gitlab.com
Vendor Advisory
Source: cve@gitlab.com
ExploitIssue TrackingVendor Advisory
Source: cve@gitlab.com
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory

Timeline

No history available yet.