PT-2021-6484 · Gitlab · Gitlab Ce/Ee+1

Published

2021-08-23

Updated

2024-03-06

CVE-2021-22248

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 13.12 and later

Description The issue is related to improper authorization on the pipelines page, allowing unauthorized users to view some pipeline information for public projects that have access to pipelines restricted to members only. This could potentially allow a remote attacker to access confidential data.

Recommendations For GitLab CE/EE versions 13.12 and later, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the pipelines page for public projects to minimize the risk of exploitation.

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

BDU:2022-01733

BIT-GITLAB-2021-22248

CVE-2021-22248

Affected Products

Gitlab

Gitlab Ce/Ee

PT-2021-6484 · Gitlab · Gitlab Ce/Ee+1

CVE-2021-22248

Weakness Enumeration

Related Identifiers

Affected Products

References · 14