[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2021-22254Date: (C)2021-08-24   (M)2023-12-22


Under very specific conditions a user could be impersonated using Gitlab shell. This vulnerability affects GitLab CE/EE 13.1 and later through 14.1.2, 14.0.7 and 13.12.9.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 4.3CVSS Score : 3.5
Exploit Score: 2.8Exploit Score: 6.8
Impact Score: 1.4Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: MEDIUM
Privileges Required: LOWAuthentication: SINGLE
User Interaction: NONEConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: LOWAvailability: NONE
Integrity: NONE 
Availability: NONE 
  
Reference:
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22254.json
https://gitlab.com/gitlab-org/gitlab/-/issues/300265
https://hackerone.com/reports/1087806

CPE    2
cpe:/a:gitlab:gitlab:::~~community~~~
cpe:/a:gitlab:gitlab:::~~enterprise~~~
CWE    1
CWE-116

© SecPod Technologies