CVE-2021-22228

An issue has been discovered in GitLab affecting all versions before 13.11.6, all versions starting from 13.12 before 13.12.6, and all versions starting from 14.0 before 14.0.2. Improper access control allows unauthorised users to access project details using Graphql.
References
Link Resource
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22228.json Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/332605 Exploit Issue Tracking Patch Vendor Advisory
https://hackerone.com/reports/1192460 Exploit Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*

History

22 Jul 2022, 10:59

Type Values Removed Values Added
CWE NVD-CWE-Other
References (MISC) https://hackerone.com/reports/1192460 - Permissions Required (MISC) https://hackerone.com/reports/1192460 - Exploit, Issue Tracking, Third Party Advisory
References (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/332605 - Broken Link (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/332605 - Exploit, Issue Tracking, Patch, Vendor Advisory

28 Jun 2022, 14:11

Type Values Removed Values Added
CWE CWE-287 NVD-CWE-Other

12 May 2022, 20:15

Type Values Removed Values Added
Summary An issue has been discovered in GitLab affecting all versions. Improper access control allows unauthorised users to access project details using Graphql. An issue has been discovered in GitLab affecting all versions before 13.11.6, all versions starting from 13.12 before 13.12.6, and all versions starting from 14.0 before 14.0.2. Improper access control allows unauthorised users to access project details using Graphql.

08 Jul 2021, 19:41

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 4.0
v3 : 6.5
CWE CWE-287
CPE cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
References (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/332605 - (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/332605 - Broken Link
References (MISC) https://hackerone.com/reports/1192460 - (MISC) https://hackerone.com/reports/1192460 - Permissions Required
References (CONFIRM) https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22228.json - (CONFIRM) https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22228.json - Vendor Advisory

06 Jul 2021, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-07-06 22:15

Updated : 2023-12-10 13:55


NVD link : CVE-2021-22228

Mitre link : CVE-2021-22228

CVE.ORG link : CVE-2021-22228


JSON object : View

Products Affected

gitlab

  • gitlab