← Volver a CVEs
CVE-2021-22251
MEDIUM4.3
Descripcion
Improper validation of invited users' email address in GitLab EE affecting all versions since 12.2 allowed projects to add members with email address domain that should be blocked by group settings
Detalles CVE
Puntuacion CVSS v3.14.3
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado8/23/2021
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
gitlab:gitlab
Debilidades (CWE)
CWE-863
Referencias
https://gitlab.com/gitlab-org/gitlab/-/issues/14004(cve@gitlab.com)
https://hackerone.com/reports/679567(cve@gitlab.com)
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22251.json(af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.com/gitlab-org/gitlab/-/issues/14004(af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/679567(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.