5.4

CVE-2021-22262

Missing access control in all GitLab versions starting from 13.12 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 with Jira Cloud integration enabled allows Jira users without administrative privileges to add and remove Jira Connect Namespaces via the GitLab.com for Jira Cloud application configuration page
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GitlabGitlab SwEditioncommunity Version >= 13.12.0 < 14.0.9
GitlabGitlab SwEditionenterprise Version >= 13.12.0 < 14.0.9
GitlabGitlab SwEditioncommunity Version >= 14.1.0 < 14.1.4
GitlabGitlab SwEditionenterprise Version >= 14.1.0 < 14.1.4
GitlabGitlab SwEditioncommunity Version >= 14.2.0 < 14.2.2
GitlabGitlab SwEditionenterprise Version >= 14.2.0 < 14.2.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.368
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:P/A:N
cve@gitlab.com 5.4 2.8 2.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://hackerone.com/reports/1147812
Third Party Advisory
Permissions Required