Lucene search

[email protected]NVD:CVE-2021-22253

HistoryAug 23, 2021 - 8:15 p.m.

CVE-2021-22253

2021-08-2320:15:13

CWE-863

[email protected]

web.nvd.nist.gov

gitlab ee

improper authorization

unauthorized deployment

CVSS2

4.9

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:P/A:P

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

EPSS

0.001

Percentile

38.5%

JSON

Improper authorization in GitLab EE affecting all versions since 13.4 allowed a user who previously had the necessary access to trigger deployments to protected environments under specific conditions after the access has been removed

Affected configurations

Nvd

Node

gitlabgitlabRange13.4.0–13.12.9community

gitlabgitlabRange13.4.0–13.12.9enterprise

gitlabgitlabRange14.0.0–14.0.7community

gitlabgitlabRange14.0.0–14.0.7enterprise

gitlabgitlabRange14.1.0–14.1.2community

gitlabgitlabRange14.1.0–14.1.2enterprise

References

gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22253.json

gitlab.com/gitlab-org/gitlab/-/issues/323794

hackerone.com/reports/1113783

CVSS2

4.9

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:P/A:P

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

EPSS

0.001

Percentile

38.5%

JSON

Related for NVD:CVE-2021-22253

debiancve1 ubuntucve1 prion1 cvelist1 osv2 nessus1 cve1