3 matches found
GitLab 11.9 < 13.11.6 / 13.12 < 13.12.6 / 14.0 < 14.0.2 (CVE-2021-22223)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Client-Side code injection through Feature Flag name in GitLab CE/EE starting with 11.9 allows a specially crafted feature flag name to PUT requests on behalf of other users via clicking on a link...
CVE-2021-22223
Client-Side code injection through Feature Flag name in GitLab CE/EE starting with 11.9 allows a specially crafted feature flag name to PUT requests on behalf of other users via clicking on a link...
CVE-2021-22223
GitLab CE/EE vulnerable to Client-Side code injection via feature flag names (CVE-2021-22223). Affected versions: 11.9 up to before 14.0.2. Root cause: crafted feature flag name allows PUT requests on behalf of other users when a link is clicked. Impact: an attacker could perform actions on behal...