CVE Vulnerabilities

CVE-2021-22180

Direct Request ('Forced Browsing')

Published: Mar 26, 2021 | Modified: Jul 12, 2022
CVSS 3.x
4.3
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

An issue has been discovered in GitLab affecting all versions starting from 13.4. Improper access control allows unauthorized users to access details on analytic pages.

Weakness

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

Affected Software

Name Vendor Start Version End Version
Gitlab Gitlab 13.8.0 *
Gitlab Gitlab 13.8.0 *
Gitlab Gitlab 13.7.0 *
Gitlab Gitlab 13.7.0 *
Gitlab Gitlab 13.6.0 *
Gitlab Gitlab 13.6.0 *

Potential Mitigations

References