cve-2021-22188
Vulnerability from cvelistv5
Published
2021-03-03 17:56
Modified
2024-08-03 18:37
Severity
5.3 (Medium) — CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
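An issue has been discovered in GitLab affecting all versions starting with 13.0. Confidential issue titles in GitLab were readable by an unauthorised user via branch logs. The affected-version data in this record lists the vulnerable ranges as >=13.0 <13.6.7, >=13.7 <13.7.7 and >=13.8 <13.8.4.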
References
Source | URL | Tags |
---|---|---|
cve@gitlab.com | https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22188.json | Vendor Advisory |
cve@gitlab.com | https://gitlab.com/gitlab-org/gitlab/-/issues/227040 | Broken Link |
cve@gitlab.com | https://hackerone.com/reports/916340 | Permissions Required, Third Party Advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:37:18.206Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/227040" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://hackerone.com/reports/916340" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22188.json" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GitLab", "vendor": "GitLab", "versions": [ { "status": "affected", "version": "\u003e=13.8, \u003c13.8.4" }, { "status": "affected", "version": "\u003e=13.7, \u003c13.7.7" }, { "status": "affected", "version": "\u003e=13.0, \u003c13.6.7" } ] } ], "credits": [ { "lang": "en", "value": "Thanks aemirercin for reporting this vulnerability through our HackerOne bug bounty program" } ], "descriptions": [ { "lang": "en", "value": "An issue has been discovered in GitLab affecting all versions starting with 13.0. Confidential issue titles in Gitlab were readable by an unauthorised user via branch logs." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Information exposure in GitLab", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-03T17:56:21", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/227040" }, { "tags": [ "x_refsource_MISC" ], "url": "https://hackerone.com/reports/916340" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22188.json" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@gitlab.com", "ID": "CVE-2021-22188", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "GitLab", "version": { "version_data": [ { "version_value": "\u003e=13.8, \u003c13.8.4" }, { "version_value": "\u003e=13.7, \u003c13.7.7" }, { "version_value": "\u003e=13.0, \u003c13.6.7" } ] } } ] }, "vendor_name": "GitLab" } ] } }, "credit": [ { "lang": "eng", "value": "Thanks aemirercin for reporting this vulnerability through our HackerOne bug bounty program" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue has been discovered in GitLab affecting all versions starting with 13.0. Confidential issue titles in Gitlab were readable by an unauthorised user via branch logs." 
} ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information exposure in GitLab" } ] } ] }, "references": { "reference_data": [ { "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/227040", "refsource": "MISC", "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/227040" }, { "name": "https://hackerone.com/reports/916340", "refsource": "MISC", "url": "https://hackerone.com/reports/916340" }, { "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22188.json", "refsource": "CONFIRM", "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22188.json" } ] } } } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2021-22188", "datePublished": "2021-03-03T17:56:21", "dateReserved": "2021-01-05T00:00:00", "dateUpdated": "2024-08-03T18:37:18.206Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2021-22188\",\"sourceIdentifier\":\"cve@gitlab.com\",\"published\":\"2021-03-03T18:15:14.550\",\"lastModified\":\"2021-03-10T18:25:54.080\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue has been discovered in GitLab affecting all versions starting with 13.0. 
Confidential issue titles in Gitlab were readable by an unauthorised user via branch logs.\"},{\"lang\":\"es\",\"value\":\"Se ha detectado un problema en GitLab, que afecta a todas las versiones desde la versi\u00f3n 13.0.\u0026#xa0;Los t\u00edtulos de problemas confidenciales en Gitlab eran legibles por un usuario no autorizado por medio de los registros de ramas\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"cve@gitlab.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\"
,\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndExcluding\":\"13.6.7\",\"matchCriteriaId\":\"DB80F7C8-5F75-458C-A879-0BB48554C572\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndExcluding\":\"13.6.7\",\"matchCriteriaId\":\"5ADE6D80-B46F-4F13-849C-A220B7714877\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\",\"versionStartIncluding\":\"13.7.0\",\"versionEndExcluding\":\"13.7.7\",\"matchCriteriaId\":\"4BBAF21A-84DD-4987-B4BE-2A8CAA44210A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"13.7.0\",\"versionEndExcluding\":\"13.7.7\",\"matchCriteriaId\":\"9AE735A5-FC67-4B16-B27B-86C51C8771C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\",\"versionStartIncluding\":\"13.8.0\",\"versionEndExcluding\":\"13.8.4\",\"matchCriteriaId\":\"D3009669-C930-4517-914D-5DB9A0E40B59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"13.8.0\",\"versionEndExcluding\":\"13.8.4\",\"matchCriteriaId\":\"9F7976E8-BDA5-4104-AC3E-38C02CC613A7\"}]}]}],\"references\":[{\"url\":\"https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22188.json\",\"source\":\"cve@gitlab.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://gitlab.com/gitlab-org/gitlab/-/issues/227040\",\"source\":\"cve@gitlab.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://hackerone.com/reports/916340\",\"source\":\"cve@gitlab.com\",\"tags\":[\"Permissions Required\",\"Third Party Advisory\"]}]}}" } }