PT-2021-14923 · Gitlab · Gitlab

Published: 2021-10-05 · Updated: 2024-03-06

CVE-2021-22262

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Name of the Vulnerable Software and Affected Versions: GitLab versions 13.12 through 14.0.8; GitLab versions 14.1 through 14.1.3; GitLab versions 14.2 through 14.2.1
Description: The issue concerns missing access control in GitLab with Jira Cloud integration enabled, allowing Jira users without administrative privileges to add and remove Jira Connect Namespaces via the GitLab.com for Jira Cloud application configuration page.
Recommendations: For GitLab versions 13.12 through 14.0.8, update to version 14.0.9 or later. For GitLab versions 14.1 through 14.1.3, update to version 14.1.4 or later. For GitLab versions 14.2 through 14.2.1, update to version 14.2.2 or later.

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

BIT-GITLAB-2021-22262
CVE-2021-22262

Affected Products

Gitlab