GitLabCVELIST:CVE-2021-39946CVE-2021-39946
8.7 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
8.2 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
29.8%
Improper neutralization of user input in GitLab CE/EE versions 14.3 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed an attacker to exploit XSS by abusing the generation of the HTML code related to emojis
CNA Affected
[
{
"product": "GitLab",
"vendor": "GitLab",
"versions": [
{
"status": "affected",
"version": ">=14.3, <14.3.6"
},
{
"status": "affected",
"version": ">=14.4, <14.4.4"
},
{
"status": "affected",
"version": ">=14.5, <14.5.2"
}
]
}
]Related
8.7 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
8.2 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
29.8%