Vulnerability Description
Missing access control in all GitLab versions starting from 13.12 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 with Jira Cloud integration enabled allows Jira users without administrative privileges to add and remove Jira Connect Namespaces via the GitLab.com for Jira Cloud application configuration page
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gitlab | Gitlab | >= 13.12.0, < 14.0.9 |
Related Weaknesses (CWE)
References
- https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22262.jsonVendor Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/327062Broken Link
- https://hackerone.com/reports/1147812Permissions RequiredThird Party Advisory
- https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22262.jsonVendor Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/327062Broken Link
- https://hackerone.com/reports/1147812Permissions RequiredThird Party Advisory
FAQ
What is CVE-2021-22262?
CVE-2021-22262 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Missing access control in all GitLab versions starting from 13.12 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 with Jira Cloud integr...
How severe is CVE-2021-22262?
CVE-2021-22262 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-22262?
Check the references section above for vendor advisories and patch information. Affected products include: Gitlab Gitlab.