Ubuntu.comUB:CVE-2021-22262CVE-2021-22262
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
0.001 Low
EPSS
Percentile
29.8%
Missing access control in all GitLab versions starting from 13.12 before
14.0.9, all versions starting from 14.1 before 14.1.4, and all versions
starting from 14.2 before 14.2.2 with Jira Cloud integration enabled allows
Jira users without administrative privileges to add and remove Jira Connect
Namespaces via the GitLab.com for Jira Cloud application configuration page
References
gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22262.json
gitlab.com/gitlab-org/gitlab/-/issues/327062
hackerone.com/reports/1147812
launchpad.net/bugs/cve/CVE-2021-22262
nvd.nist.gov/vuln/detail/CVE-2021-22262
security-tracker.debian.org/tracker/CVE-2021-22262
www.cve.org/CVERecord?id=CVE-2021-22262
Related
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
0.001 Low
EPSS
Percentile
29.8%