CVE-2021-22180

2021-03-2620:15:12

Google

osv.dev

6.4 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

34.6%

JSON

An issue has been discovered in GitLab affecting all versions starting from 13.4. Improper access control allows unauthorized users to access details on analytic pages.

CPENameOperatorVersion
gitlabeq13.8.1-ee
gitlabeq13.8.2-ee
gitlabeq13.8.0-ee
gitlabeq13.8.3-ee

Name	Operator	Version
gitlab	eq	13.8.1-ee
gitlab	eq	13.8.2-ee
gitlab	eq	13.8.0-ee
gitlab	eq	13.8.3-ee

References

gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22180.json

gitlab.com/gitlab-org/gitlab/-/issues/295662

hackerone.com/reports/1064645