Lucene search
GitLabCVELIST:CVE-2021-22172HistoryMar 26, 2021 - 7:06 p.m.
CVE-2021-22172
2021-03-2619:06:48
GitLab
www.cve.org
4
gitlab
improper authorization
guest user
private project
tag data
releases page
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
AI Score
4.5
Confidence
High
EPSS
0.001
Percentile
34.4%
Improper authorization in GitLab 12.8+ allows a guest user in a private project to view tag data that should be inaccessible on the releases page
CNA Affected
[
{
"product": "GitLab",
"vendor": "GitLab",
"versions": [
{
"status": "affected",
"version": ">=12.8, <13.6.6"
},
{
"status": "affected",
"version": ">=13.7.0, <13.7.6"
},
{
"status": "affected",
"version": ">=13.8.0, <13.8.2"
}
]
}
]Related
prion
prion
Authorization
2021-03-26 20:15:00
osv
osv
CVE-2021-22172
2021-03-26 20:15:12
BIT-gitlab-2021-22172
2024-03-06 11:20:37
veracode
veracode
Improper Authorization
2023-08-06 14:24:33
archlinux
archlinux
[ASA-202102-11] gitlab: information disclosure
2021-02-06 00:00:00
debiancve
debiancve
CVE-2021-22172
2021-03-26 20:15:12
nessus
nessus
cve
cve
CVE-2021-22172
2021-03-26 20:15:12
ubuntucve
ubuntucve
CVE-2021-22172
2021-03-26 00:00:00
nvd
nvd
CVE-2021-22172
2021-03-26 20:15:12
freebsd
freebsd
Gitlab -- Multiple vulnerabilities
2021-02-01 00:00:00
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
AI Score
4.5
Confidence
High
EPSS
0.001
Percentile
34.4%
Related for CVELIST:CVE-2021-22172