CVE-2021-22240

EPSS 0.23%
Veröffentlicht 05.08.2021 20:15:07
Zuletzt bearbeitet 21.11.2024 05:49:46
Quelle cve@gitlab.com
CVE-Watchlists
Login
Unerledigt
Login

Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14.0.2 allows users to be created via single sign on despite user cap being enabled

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 6

NVD 3 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gitlab ≫ GitLab SwEditionenterprise Version >= 13.7.0 < 13.11.6

Gitlab ≫ GitLab SwEditionenterprise Version >= 13.12.0 < 13.12.6

Gitlab ≫ GitLab SwEditionenterprise Version >= 14.0.0 < 14.0.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.452

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N
cve@gitlab.com	4.2	1.6	2.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22240.json

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/327641

Broken Link

https://hackerone.com/reports/1166566

Third Party Advisory

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2021-22240

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-22240

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-22240

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-22240