← Back to CVEs
CVE-2021-22263
MEDIUM5.5
Description
An issue has been discovered in GitLab affecting all versions starting from 13.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. A user account with 'external' status which is granted 'Maintainer' role on any project on the GitLab instance where 'project tokens' are allowed may elevate its privilege to 'Internal' and access Internal projects.
CVE Details
CVSS v3.1 Score5.5
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredHIGH
User InteractionNONE
Published10/11/2021
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
gitlab:gitlab
Weaknesses (CWE)
CWE-269
References
https://gitlab.com/gitlab-org/gitlab/-/issues/331473(cve@gitlab.com)
https://hackerone.com/reports/1193062(cve@gitlab.com)
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22263.json(af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.com/gitlab-org/gitlab/-/issues/331473(af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/1193062(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.