PT-2021-6513 · Gitlab · Gitlab Ce/Ee+1

Vakzz · Published 2021-07-02 · Updated 2024-03-06 · CVE-2021-22234

CVSS v3.1: 9.6 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

GitLab CE/EE versions 13.11 through 13.11.6
GitLab CE/EE versions 13.12 through 13.12.7
GitLab CE/EE versions 14.0 through 14.0.3

Description

An issue has been discovered in GitLab CE/EE that allows attackers to read arbitrary files on the server by using a specially crafted design image. This issue is related to information disclosure and can be exploited by a remote attacker to access confidential data.

Recommendations

For versions 13.11 through 13.11.6, update to version 13.11.7 or later.
For versions 13.12 through 13.12.7, update to version 13.12.8 or later.
For versions 14.0 through 14.0.3, update to version 14.0.4 or later.

Exploit

Fix

Information Disclosure

XSS

Weakness Enumeration

Related Identifiers

BDU:2022-01773
BIT-GITLAB-2021-22234
CVE-2021-22234

Affected Products

Gitlab
Gitlab Ce/Ee