← Retour aux CVEs

CVE-2021-22261

HIGH

7.3

Description

A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious Jira API responses

Details CVE

Score CVSS v3.17.3

SeveriteHIGH

Vecteur CVSSCVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

Vecteur d'attaqueNETWORK

ComplexiteHIGH

Privileges requisHIGH

Interaction utilisateurREQUIRED

Publie10/5/2021

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

gitlab:gitlab

Faiblesses (CWE)

CWE-79

References

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22261.json(cve@gitlab.com)

https://gitlab.com/gitlab-org/gitlab/-/issues/328389(cve@gitlab.com)

https://hackerone.com/reports/1132083(cve@gitlab.com)

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22261.json(af854a3a-2127-422b-91ae-364da2661108)

https://gitlab.com/gitlab-org/gitlab/-/issues/328389(af854a3a-2127-422b-91ae-364da2661108)

https://hackerone.com/reports/1132083(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.