Ubuntu.comUB:CVE-2021-22228CVE-2021-22228
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
50.7%
An issue has been discovered in GitLab affecting all versions before
13.11.6, all versions starting from 13.12 before 13.12.6, and all versions
starting from 14.0 before 14.0.2. Improper access control allows
unauthorised users to access project details using Graphql.
References
gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22228.json
gitlab.com/gitlab-org/gitlab/-/issues/332605
hackerone.com/reports/1192460
launchpad.net/bugs/cve/CVE-2021-22228
nvd.nist.gov/vuln/detail/CVE-2021-22228
security-tracker.debian.org/tracker/CVE-2021-22228
www.cve.org/CVERecord?id=CVE-2021-22228
Related
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
50.7%