Lucene search
GitLabCVELIST:CVE-2021-22241HistoryAug 05, 2021 - 7:28 p.m.
CVE-2021-22241
2021-08-0519:28:23
GitLab
www.cve.org
4
gitlab
ce
ee
cross-site-scripting
crafted
default branch
CVSS3
8.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
AI Score
8.4
Confidence
High
EPSS
0.001
Percentile
29.6%
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0. It was possible to exploit a stored cross-site-scripting via a specifically crafted default branch name.
CNA Affected
[
{
"product": "GitLab",
"vendor": "GitLab",
"versions": [
{
"status": "affected",
"version": ">=14.1, <14.1.2"
},
{
"status": "affected",
"version": ">=14.0, <14.0.7"
}
]
}
]Related
osv
osv
CVE-2021-22241
2021-08-05 20:15:07
BIT-gitlab-2021-22241
2024-03-06 11:19:21
ubuntucve
ubuntucve
CVE-2021-22241
2021-08-05 00:00:00
checkpoint_advisories
checkpoint_advisories
GitLab Community and Enterprise Cross-Site Scripting (CVE-2021-22241)
2021-12-30 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2023-08-06 14:37:07
nessus
nessus
GitLab 14.0 < 14.0.7 / 14.1 < 14.1.2 (CVE-2021-22241)
2024-01-03 00:00:00
prion
prion
Cross site scripting
2021-08-05 20:15:00
cve
cve
CVE-2021-22241
2021-08-05 20:15:07
nvd
nvd
CVE-2021-22241
2021-08-05 20:15:07
debiancve
debiancve
CVE-2021-22241
2021-08-05 20:15:07
archlinux
archlinux
[ASA-202108-7] gitlab: multiple issues
2021-08-10 00:00:00
CVSS3
8.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
AI Score
8.4
Confidence
High
EPSS
0.001
Percentile
29.6%
Related for CVELIST:CVE-2021-22241