CVE Vulnerabilities

CVE-2021-22228

Published: Jul 06, 2021 | Modified: Jul 22, 2022
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

An issue has been discovered in GitLab affecting all versions before 13.11.6, all versions starting from 13.12 before 13.12.6, and all versions starting from 14.0 before 14.0.2. Improper access control allows unauthorised users to access project details using Graphql.

Affected Software

Name Vendor Start Version End Version
Gitlab Gitlab * 13.11.6 (excluding)
Gitlab Gitlab 13.12.0 (including) 13.12.6 (excluding)
Gitlab Gitlab 14.0.0 (including) 14.0.2 (excluding)
Gitlab Ubuntu esm-apps/xenial *
Gitlab Ubuntu xenial *

References