PT-2021-14913 · Gitlab · Gitlab Ce/Ee+1
Mishre · Published 2021-04-02 · Updated 2024-03-06
CVE-2021-22202
CVSS v3.1: 4.3 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
GitLab CE/EE versions prior to the fixed version
Description:
An issue has been discovered affecting all versions of GitLab CE/EE prior to the fix. It allows a CSRF attack against System hooks through the API when the victim is an administrator.
Recommendations:
For all versions prior to the fixed version, update to the latest version to resolve the issue. As a temporary workaround, consider restricting access to System hooks through the API to minimize the risk of exploitation.
Fix
CSRF
Affected Products
Gitlab
Gitlab Ce/Ee