CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS2: 6.5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS: 0.002 Low
Percentile: 56.6%
Severity: High
Date : 2021-07-06
CVE-ID : CVE-2021-22223 CVE-2021-22224 CVE-2021-22225 CVE-2021-22226
CVE-2021-22227 CVE-2021-22228 CVE-2021-22229 CVE-2021-22230
CVE-2021-22231 CVE-2021-22232 CVE-2021-31799
Package : gitlab
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-2125
The package gitlab before version 14.0.3-1 is vulnerable to multiple
issues including cross-site request forgery, access restriction bypass,
arbitrary code execution, arbitrary command execution, cross-site
scripting, information disclosure, content spoofing and denial of
service.
Upgrade to 14.0.3-1.
The problems have been fixed upstream in version 14.0.3.
Workaround: None.
Client-side code injection through a feature flag name in GitLab CE/EE
starting with 11.9 and before version 14.0.2 allows a specially crafted
feature flag name to issue PUT requests on behalf of other users when
they click on a link.
A cross-site request forgery vulnerability in the GraphQL API in GitLab
since version 13.12 and before version 14.0.2 allowed an attacker to
call mutations as the victim.
Insufficient input sanitization of markdown in GitLab from version 13.11
up to but not including 14.0.2 allows an attacker to exploit a stored
cross-site scripting vulnerability via specially crafted markdown.
Under certain conditions, some users were able to push to protected
branches that were restricted to deploy keys in GitLab CE/EE since
version 13.9 and before version 14.0.2.
A reflected cross-site scripting vulnerability in GitLab before version
14.0.2 allowed an attacker to send a malicious link to a victim and
trigger actions on their behalf if they clicked it.
An issue has been discovered in GitLab affecting all versions before
14.0.2. Improper access control allows unauthorised users to access
project details using GraphQL.
An issue has been discovered in GitLab CE/EE affecting all versions
starting with 12.8 and before 14.0.2. Under a special condition it was
possible to access data of an internal repository through a project
fork done by a project member.
Improper rendering of code in merge requests could be exploited to
submit malicious code. This vulnerability affects GitLab CE/EE 9.3 and
later, up to 14.0.2.
A denial of service on the user's profile page is found starting with
GitLab CE/EE 8.0 and before 14.0.2: an attacker can make their own
profile page inaccessible by using a specially crafted username.
HTML injection was possible via the full name field before version
14.0.2 in GitLab CE.
RDoc before version 6.3.1, as bundled with Ruby before versions 2.7.4
and 2.6.8 as well as GitLab before version 14.0.2, used Kernel#open to
open a local file. If a Ruby project has a file whose name starts with
"|" and ends with "tags", the command following the pipe character is
executed. A malicious Ruby project could exploit this to execute
arbitrary commands as a user who runs the rdoc command on it.
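The RDoc issue above comes down to one API choice: Kernel#open treats a string whose first character is "|" as a command to spawn, while File.open treats it as a literal file name. The following is an added example, not code from the advisory or from RDoc; the helper names (pipe_prefixed?, safe_read, demo) and the constructed file name are assumptions for illustration only.

```ruby
# Added example: the safe pattern behind the RDoc fix. A document tool that
# walks project files must never hand file names to Kernel#open, because a
# name beginning with "|" is interpreted as a command pipe. File.open has no
# such behaviour: the name is a path and nothing else.
require 'tmpdir'

# Flags a name Kernel#open would interpret as a command rather than a path.
# Kernel#open only looks at the very first character of the string, so the
# basename is checked here to catch the name however it was joined.
def pipe_prefixed?(name)
  File.basename(name).start_with?('|')
end

# Reads a file without ever spawning a process, regardless of its name.
# Returns nil when the file does not exist.
def safe_read(path)
  File.open(path, 'r', &:read)
rescue Errno::ENOENT
  nil
end

# Demonstration in a temporary directory with a constructed file name that
# matches the advisory's pattern (starts with "|", ends with "tags").
def demo
  Dir.mktmpdir do |dir|
    name = '|echo injected tags' # constructed; harmless text, never executed
    path = File.join(dir, name)
    File.open(path, 'w') { |f| f.write("plain contents\n") }
    {
      flagged: pipe_prefixed?(name),              # true: worth rejecting or logging
      contents: safe_read(path),                  # file contents, no command run
      missing: safe_read(File.join(dir, 'nope')) # nil, not an exception
    }
  end
end
```

Rejecting or logging names that pipe_prefixed? flags is a cheap extra check, but the actual mitigation is using File.open (or File.read) everywhere a file name comes from untrusted project contents.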
A remote attacker could execute arbitrary code, disclose sensitive
information, bypass access restrictions, or spoof content.
https://about.gitlab.com/releases/2021/07/01/security-release-gitlab-14-0-2-released/
https://gitlab.com/gitlab-org/gitlab/-/issues/293946
https://hackerone.com/reports/1059557
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22223.json
https://gitlab.com/gitlab-org/gitlab/-/issues/324397
https://hackerone.com/reports/1122408
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22224.json
https://gitlab.com/gitlab-org/gitlab/-/issues/331051
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22225.json
https://gitlab.com/gitlab-org/gitlab/-/issues/326684
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22226.json
https://gitlab.com/gitlab-org/gitlab/-/issues/212887
https://hackerone.com/reports/834555
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22227.json
https://gitlab.com/gitlab-org/gitlab/-/issues/332605
https://hackerone.com/reports/1192460
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22228.json
https://gitlab.com/gitlab-org/gitlab/-/issues/332609
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22229.json
https://gitlab.com/gitlab-org/gitlab/-/issues/211976
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22230.json
https://gitlab.com/gitlab-org/gitlab/-/issues/26295
https://hackerone.com/reports/475098
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22231.json
https://gitlab.com/gitlab-org/gitlab/-/issues/300713
https://hackerone.com/reports/1090634
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22232.json
https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/
https://github.com/ruby/rdoc/commit/a7f5d6ab88632b3b482fe10611382ff73d14eed7
https://github.com/ruby/ruby/commit/483f303d02e768b69e476e0b9be4ab2f26389522
https://github.com/ruby/ruby/commit/fe3c49c9baeeab58304ede915b7edd18ecf360fc
https://security.archlinux.org/CVE-2021-22223
https://security.archlinux.org/CVE-2021-22224
https://security.archlinux.org/CVE-2021-22225
https://security.archlinux.org/CVE-2021-22226
https://security.archlinux.org/CVE-2021-22227
https://security.archlinux.org/CVE-2021-22228
https://security.archlinux.org/CVE-2021-22229
https://security.archlinux.org/CVE-2021-22230
https://security.archlinux.org/CVE-2021-22231
https://security.archlinux.org/CVE-2021-22232
https://security.archlinux.org/CVE-2021-31799