CVE-2021-22240

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions GitLab EE versions 13.11.6, 13.12.6, and 14.0.2

Description The issue is related to improper authorization in GitLab, allowing a remote attacker to impact data integrity. It is also described as an improper access control issue, enabling users to be created via single sign-on despite the user cap being enabled.

Recommendations For GitLab EE version 13.11.6, update to a version that addresses the improper access control issue. For GitLab EE version 13.12.6, update to a version that addresses the improper access control issue. For GitLab EE version 14.0.2, update to a version that addresses the improper access control issue.

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

BDU:2022-02050

BIT-GITLAB-2021-22240

CVE-2021-22240

Affected Products

Gitlab

Gitlab Ce/Ee

CVE-2021-22240

Weakness Enumeration

Related Identifiers

Affected Products

References · 8