Lucene search

Ubuntu.comUB:CVE-2021-22246

HistoryAug 20, 2021 - 12:00 a.m.

CVE-2021-22246

2021-08-2000:00:00

ubuntu.com

gitlab

webhook

vulnerability

dos

attack

version 14.0.2

version 13.12.6

version 13.11.6

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

EPSS

0.002

Percentile

52.6%

JSON

A vulnerability was discovered in GitLab versions before 14.0.2, 13.12.6,
13.11.6. GitLab Webhook feature could be abused to perform denial of
service attacks.

References

gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22246.json

gitlab.com/gitlab-org/gitlab/-/issues/280633

hackerone.com/reports/1029269

launchpad.net/bugs/cve/CVE-2021-22246

nvd.nist.gov/vuln/detail/CVE-2021-22246

security-tracker.debian.org/tracker/CVE-2021-22246

www.cve.org/CVERecord?id=CVE-2021-22246

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

EPSS

0.002

Percentile

52.6%

JSON

Related for UB:CVE-2021-22246