Improper access control

2021-08-0520:15:00

PRIOn knowledge base

www.prio-n.com

4.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.8%

JSON

Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14.0.2 allows users to be created via single sign on despite user cap being enabled

CPENameOperatorVersion
gitlabge14.0.0
gitlablt14.0.2
gitlabge13.12.0
gitlablt13.12.6
gitlabge13.7.0
gitlablt13.11.6

Name	Operator	Version
gitlab	ge	14.0.0
gitlab	lt	14.0.2
gitlab	ge	13.12.0
gitlab	lt	13.12.6
gitlab	ge	13.7.0
gitlab	lt	13.11.6

References

gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22240.json

gitlab.com/gitlab-org/gitlab/-/issues/327641

hackerone.com/reports/1166566