Lucene search

Veracode Vulnerability DatabaseVERACODE:42269

HistoryAug 06, 2023 - 2:24 p.m.

Improper Authorization

2023-08-0614:24:33

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

gitlab

improper authorization

vulnerable

private projects

release pages

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

34.4%

JSON

gitlab is vulnerable to Improper Authorization. This allows a malicious user in a private project to view tag data on release pages due to improper authorization checks within gitlab.

References

gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22172.json

gitlab.com/gitlab-org/gitlab/-/issues/212911

hackerone.com/reports/833334

security-tracker.debian.org/tracker/CVE-2021-22172

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

34.4%

JSON

Related for VERACODE:42269