CVE-2021-22241

🗓️ 05 Aug 2021 19:28:23Reported by GitLabType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 201 Views

An issue discovered in GitLab CE/EE affecting all versions from 14.0, allowing stored cross-site scripting via crafted default branch name

Reporter	Title	Published	Views	Family All 17
ArchLinux	[ASA-202108-7] gitlab: multiple issues	10 Aug 202100:00	–	archlinux
CNNVD	GitLab 跨站脚本漏洞	5 Aug 202100:00	–	cnnvd
Check Point Advisories	GitLab Community and Enterprise Cross-Site Scripting (CVE-2021-22241)	30 Dec 202100:00	–	checkpoint_advisories
Cvelist	CVE-2021-22241	5 Aug 202119:28	–	cvelist
Debian CVE	CVE-2021-22241	5 Aug 202119:28	–	debiancve
EUVD	EUVD-2021-9387	3 Oct 202520:07	–	euvd
Tenable Nessus	GitLab 14.0 < 14.0.7 / 14.1 < 14.1.2 (CVE-2021-22241)	3 Jan 202400:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2021-22241	27 Aug 202500:00	–	nessus
NVD	CVE-2021-22241	5 Aug 202120:15	–	nvd
OSV	BIT-GITLAB-2021-22241	6 Mar 202411:19	–	osv

NVD

Vulners

Node

gitlab gitlabRange14.0.0–14.0.7community

gitlab gitlabRange14.0.0–14.0.7enterprise

gitlab gitlabRange14.1.0–14.1.2community

gitlab gitlabRange14.1.0–14.1.2enterprise

[
  {
    "product": "GitLab",
    "vendor": "GitLab",
    "versions": [
      {
        "status": "affected",
        "version": ">=14.1, <14.1.2"
      },
      {
        "status": "affected",
        "version": ">=14.0, <14.0.7"
      }
    ]
  }
]

Source	Link
hackerone	www.hackerone.com/reports/1256777
gitlab	www.gitlab.com/gitlab-org/gitlab/-/issues/336460
gitlab	www.gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22241.json

21 Nov 2024 05:49Current

5.2Medium risk

Vulners AI Score5.2

CVSS 23.5

CVSS 3.15.4 - 8.7

EPSS0.00191

CWE-79

cve-2021-22241 gitlab ce ee security vulnerability cross-site scripting nvd