PT-2021-6607 · Gitlab · Gitlab Ce/Ee+1
Published
2021-07-01
·
Updated
2024-03-06
·
CVE-2021-22230
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
GitLab CE/EE versions 9.3 through 13.11.6
GitLab CE/EE version 13.12.6
GitLab CE/EE version 14.0.2
Description
The issue is related to improper code rendering while rendering merge requests, which could be exploited to submit malicious code. This could allow a remote attacker to access confidential data, compromise data integrity, and cause a denial of service.
Recommendations
For GitLab CE/EE versions 9.3 through 13.11.6, update to a version later than 13.11.6 to resolve the issue.
For GitLab CE/EE version 13.12.6, update to a version later than 13.12.6 to resolve the issue.
For GitLab CE/EE version 14.0.2, update to a version later than 14.0.2 to resolve the issue.
As a temporary workaround, consider restricting access to merge requests until a patch is available.
Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gitlab
Gitlab Ce/Ee