6.5

CVE-2021-22228

Exploit
An issue has been discovered in GitLab affecting all versions before 13.11.6, all versions starting from 13.12 before 13.12.6, and all versions starting from 14.0 before 14.0.2. Improper access control allows unauthorised users to access project details using Graphql.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GitlabGitLab Version < 13.11.6
GitlabGitLab Version >= 13.12.0 < 13.12.6
GitlabGitLab Version >= 14.0.0 < 14.0.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.35% 0.678
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N
cve@gitlab.com 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22228.json
Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/332605
Patch
Vendor Advisory
Exploit
Issue Tracking
https://hackerone.com/reports/1192460
Third Party Advisory
Exploit
Issue Tracking