CVE-2021-22203

🗓️ 02 Apr 2021 17:13:15Reported by GitLabType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 42 Views

An issue in GitLab CE/EE allows attackers to read arbitrary files on the server

Reporter	Title	Published	Views	Family All 10
Cvelist	CVE-2021-22203	2 Apr 202116:16	–	cvelist
OSV	BIT-gitlab-2021-22203	6 Mar 202411:20	–	osv
OSV	CVE-2021-22203	2 Apr 202117:15	–	osv
NVD	CVE-2021-22203	2 Apr 202117:15	–	nvd
Veracode	Arbitrary File Read	6 Aug 202314:34	–	veracode
UbuntuCve	CVE-2021-22203	2 Apr 202100:00	–	ubuntucve
Tenable Nessus	GitLab 13.7.9 < 13.8.7 / 13.9 < 13.9.5 / 13.10 < 13.10.1 (CVE-2021-22203)	2 Jan 202400:00	–	nessus
Prion	Code injection	2 Apr 202117:15	–	prion
Debian CVE	CVE-2021-22203	2 Apr 202117:15	–	debiancve
RedhatCVE	CVE-2021-22203	6 Feb 202504:15	–	redhatcve

Nvd

Vulners

Node

gitlab gitlabRange13.7.9–13.8.7community

gitlab gitlabRange13.7.9–13.8.7enterprise

gitlab gitlabRange13.9.0–13.9.5community

gitlab gitlabRange13.9.0–13.9.5enterprise

gitlab gitlabMatch13.10.0community

gitlab gitlabMatch13.10.0enterprise

[
  {
    "product": "GitLab",
    "vendor": "GitLab",
    "versions": [
      {
        "status": "affected",
        "version": ">=13.10, <13.10.1"
      },
      {
        "status": "affected",
        "version": ">=13.9, <13.9.5"
      },
      {
        "status": "affected",
        "version": ">=13.7.9, <13.8.7"
      }
    ]
  }
]

Source	Link
gitlab	www.gitlab.com/gitlab-org/gitlab/-/issues/320919
hackerone	www.hackerone.com/reports/1098793
gitlab	www.gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22203.json

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

02 Apr 2021 17:15Current

9High risk

Vulners AI Score9

CVSS27.5

CVSS37.5 - 9.8

EPSS0.00565

gitlab ce ee cve-2021-22203 security vulnerability file reading server