PT-2021-4987

Shells3Con

Published: 2021-07-11 · Updated: 2024-03-06

CVE-2021-22260

CVSS v3.1: 7.7 (High)
Vector: AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
GitLab CE/EE versions 13.7 through 14.0.8
GitLab CE/EE versions 14.1 through 14.1.3
GitLab CE/EE versions 14.2 through 14.2.1

Description
The issue is a stored Cross-Site Scripting vulnerability in the DataDog integration of GitLab. It stems from insufficient protection of the web page structure in the integration's API keys URL setting. An attacker can exploit this vulnerability to conduct cross-site scripting attacks and execute arbitrary JavaScript code in the victim's browser, on the victim's behalf.

Recommendations
For GitLab CE/EE versions 13.7 through 14.0.8, update to version 14.0.9 or later.
For GitLab CE/EE versions 14.1 through 14.1.3, update to version 14.1.4 or later.
For GitLab CE/EE versions 14.2 through 14.2.1, update to version 14.2.2 or later.
As a temporary workaround, consider restricting access to the DataDog integration until a patch is applied.
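An added example, not part of the advisory: a Ruby check that maps a GitLab version string to the fixed release named in the Recommendations above, so an inventory of instances can be audited against the listed ranges. The host names and version values in the sample are constructed; the ranges and fixed versions are the advisory's own.

```ruby
require "rubygems"

# Affected ranges and the fixed release for each, exactly as listed in the
# advisory above: [first affected, last affected, first fixed].
CVE_2021_22260_RANGES = [
  ["13.7.0", "14.0.8", "14.0.9"],
  ["14.1.0", "14.1.3", "14.1.4"],
  ["14.2.0", "14.2.1", "14.2.2"],
].freeze

# Normalise a GitLab version string into a comparable Gem::Version.
# GitLab reports versions such as "14.0.5-ee" or "14.0.5-ce"; the edition
# suffix must be stripped, otherwise Gem::Version treats it as a prerelease
# tag and sorts "14.0.5-ee" below "14.0.5". Returns nil for unparsable input.
def parse_gitlab_version(version_string)
  cleaned = version_string.to_s.strip.sub(/-(ce|ee)\z/i, "")
  Gem::Version.new(cleaned)
rescue ArgumentError
  nil
end

# Returns the fixed version the advisory recommends upgrading to, or nil when
# the given version is outside every affected range (or cannot be parsed).
def cve_2021_22260_fix_for(version_string)
  v = parse_gitlab_version(version_string)
  return nil if v.nil?
  CVE_2021_22260_RANGES.each do |first, last, fixed|
    return fixed if v >= Gem::Version.new(first) && v <= Gem::Version.new(last)
  end
  nil
end

# Audit a host => version map (constructed sample data) and say what to do.
def audit(instances)
  instances.map do |host, version|
    fix = cve_2021_22260_fix_for(version)
    [host, version, fix ? "upgrade to #{fix}" : "not affected"]
  end
end

if __FILE__ == $PROGRAM_NAME
  sample = { "gitlab-a.example" => "14.0.5-ee", "gitlab-b.example" => "14.2.2" }
  audit(sample).each { |host, ver, action| puts "#{host}\t#{ver}\t#{action}" }
end
```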

Weakness Enumeration

XSS

Related Identifiers

BDU:2021-05750
BIT-GITLAB-2021-22260
CVE-2021-22260

Affected Products

Datadog
GitLab
GitLab CE/EE