Lucene search

GitLabCVELIST:CVE-2021-22195

HistoryApr 01, 2021 - 5:36 p.m.

CVE-2021-22195

2021-04-0117:36:21

GitLab

www.cve.org

client side code execution

gitlab

vscode extension

v3.15.0

attacker

user system

CVSS3

8.6

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

36.4%

JSON

Client side code execution in gitlab-vscode-extension v3.15.0 and earlier allows attacker to execute code on user system

CNA Affected

[
  {
    "product": "gitlab-vscode-extension",
    "vendor": "GitLab",
    "versions": [
      {
        "status": "affected",
        "version": "<=3.15.0"
      }
    ]
  }
]

References

gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22195.json

gitlab.com/gitlab-org/gitlab-vscode-extension/-/issues/325

CVSS3

8.6

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

36.4%

JSON

Related for CVELIST:CVE-2021-22195