An issue has been discovered in GitLab affecting all versions before 13.11.6, all versions starting from 13.12 before 13.12.6, and all versions starting from 14.0 before 14.0.2. Improper access control allows unauthorised users to access project details using GraphQL.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22228.json | Vendor Advisory |
https://gitlab.com/gitlab-org/gitlab/-/issues/332605 | Exploit, Issue Tracking, Patch, Vendor Advisory |
https://hackerone.com/reports/1192460 | Exploit, Issue Tracking, Third Party Advisory |
History
22 Jul 2022, 10:59
Type | Values Removed | Values Added |
---|---|---|
CWE | ||
References | (MISC) https://hackerone.com/reports/1192460 - Exploit, Issue Tracking, Third Party Advisory | |
References | (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/332605 - Exploit, Issue Tracking, Patch, Vendor Advisory |
28 Jun 2022, 14:11
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-Other |
12 May 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
Summary | An issue has been discovered in GitLab affecting all versions before 13.11.6, all versions starting from 13.12 before 13.12.6, and all versions starting from 14.0 before 14.0.2. Improper access control allows unauthorised users to access project details using Graphql. |
08 Jul 2021, 19:41
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : 4.0 v3 : 6.5 |
CWE | CWE-287 | |
CPE | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* | |
References | (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/332605 - Broken Link | |
References | (MISC) https://hackerone.com/reports/1192460 - Permissions Required | |
References | (CONFIRM) https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22228.json - Vendor Advisory |
06 Jul 2021, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-07-06 22:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-22228
Mitre link : CVE-2021-22228
CVE.ORG link : CVE-2021-22228
Products Affected
gitlab
- gitlab