Vulnerability Details CVE-2021-22227
A reflected cross-site script vulnerability in GitLab before versions 13.11.6, 13.12.6 and 14.0.2 allowed an attacker to send a malicious link to a victim and trigger actions on their behalf if they clicked it
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.3%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22227.json
- https://gitlab.com/gitlab-org/gitlab/-/issues/212887
- https://hackerone.com/reports/834555
- https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22227.json
- https://gitlab.com/gitlab-org/gitlab/-/issues/212887
- https://hackerone.com/reports/834555
Products affected by CVE-2021-22227
-
cpe:2.3:a:gitlab:gitlab:*
-
cpe:2.3:a:gitlab:gitlab:-
-
cpe:2.3:a:gitlab:gitlab:10.7.0
-
cpe:2.3:a:gitlab:gitlab:11.2.0
-
cpe:2.3:a:gitlab:gitlab:11.8.0
-
cpe:2.3:a:gitlab:gitlab:12.0.0
-
cpe:2.3:a:gitlab:gitlab:12.10.0
-
cpe:2.3:a:gitlab:gitlab:12.10.13
-
cpe:2.3:a:gitlab:gitlab:12.6.2
-
cpe:2.3:a:gitlab:gitlab:12.9.0
-
cpe:2.3:a:gitlab:gitlab:13.0.0
-
cpe:2.3:a:gitlab:gitlab:13.0.10
-
cpe:2.3:a:gitlab:gitlab:13.0.12
-
cpe:2.3:a:gitlab:gitlab:13.0.14
-
cpe:2.3:a:gitlab:gitlab:13.0.7
-
cpe:2.3:a:gitlab:gitlab:13.0.8
-
cpe:2.3:a:gitlab:gitlab:13.0.9
-
cpe:2.3:a:gitlab:gitlab:13.1.0
-
cpe:2.3:a:gitlab:gitlab:13.1.1
-
cpe:2.3:a:gitlab:gitlab:13.1.2
-
cpe:2.3:a:gitlab:gitlab:13.1.8
-
cpe:2.3:a:gitlab:gitlab:13.2.0
-
cpe:2.3:a:gitlab:gitlab:13.2.6
-
cpe:2.3:a:gitlab:gitlab:9.4.0