cve-2021-22263
Vulnerability from cvelistv5
Published
2021-10-11 16:47
Modified
2024-08-03 18:37
Severity
5.5 (Medium) - cvssV3_1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
Summary
An issue has been discovered in GitLab affecting all versions starting from 13.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. A user account with 'external' status which is granted 'Maintainer' role on any project on the GitLab instance where 'project tokens' are allowed may elevate its privilege to 'Internal' and access Internal projects.
References
SourceURLTags
cve@gitlab.comhttps://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22263.jsonVendor Advisory
cve@gitlab.comhttps://gitlab.com/gitlab-org/gitlab/-/issues/331473Exploit, Issue Tracking, Vendor Advisory
cve@gitlab.comhttps://hackerone.com/reports/1193062Exploit, Third Party Advisory
Impacted products
VendorProduct
GitLabGitLab
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:37:18.536Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/331473"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/1193062"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22263.json"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "GitLab",
          "vendor": "GitLab",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e=13.0, \u003c14.0.9"
            },
            {
              "status": "affected",
              "version": "\u003e=14.1, \u003c14.1.4"
            },
            {
              "status": "affected",
              "version": "\u003e=14.2, \u003c14.2.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Thanks @joaxcar for reporting this vulnerability through our HackerOne bug bounty program."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue has been discovered in GitLab affecting all versions starting from 13.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. A user account with \u0027external\u0027 status which is granted \u0027Maintainer\u0027 role on any project on the GitLab instance where \u0027project tokens\u0027 are allowed may elevate its privilege to \u0027Internal\u0027 and access Internal projects."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper privilege management in GitLab",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-11T16:47:47",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/331473"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/1193062"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22263.json"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@gitlab.com",
          "ID": "CVE-2021-22263",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GitLab",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e=13.0, \u003c14.0.9"
                          },
                          {
                            "version_value": "\u003e=14.1, \u003c14.1.4"
                          },
                          {
                            "version_value": "\u003e=14.2, \u003c14.2.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "GitLab"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Thanks @joaxcar for reporting this vulnerability through our HackerOne bug bounty program."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue has been discovered in GitLab affecting all versions starting from 13.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. A user account with \u0027external\u0027 status which is granted \u0027Maintainer\u0027 role on any project on the GitLab instance where \u0027project tokens\u0027 are allowed may elevate its privilege to \u0027Internal\u0027 and access Internal projects."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper privilege management in GitLab"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/331473",
              "refsource": "MISC",
              "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/331473"
            },
            {
              "name": "https://hackerone.com/reports/1193062",
              "refsource": "MISC",
              "url": "https://hackerone.com/reports/1193062"
            },
            {
              "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22263.json",
              "refsource": "CONFIRM",
              "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22263.json"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2021-22263",
    "datePublished": "2021-10-11T16:47:47",
    "dateReserved": "2021-01-05T00:00:00",
    "dateUpdated": "2024-08-03T18:37:18.536Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-22263\",\"sourceIdentifier\":\"cve@gitlab.com\",\"published\":\"2021-10-11T17:15:07.537\",\"lastModified\":\"2021-10-18T19:37:47.873\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue has been discovered in GitLab affecting all versions starting from 13.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. A user account with \u0027external\u0027 status which is granted \u0027Maintainer\u0027 role on any project on the GitLab instance where \u0027project tokens\u0027 are allowed may elevate its privilege to \u0027Internal\u0027 and access Internal projects.\"},{\"lang\":\"es\",\"value\":\"Se ha detectado un problema en GitLab afectando todas las versiones a partir de la 13.0 anteriores a 14.0.9, todas las versiones a partir de la 14.1 anteriores a 14.1.4, todas las versiones a partir de la 14.2 anteriores a 14.2.2. Una cuenta de usuario con estado \\\"external\\\" a la que se le haya concedido el rol \\\"Maintainer\\\" en cualquier proyecto de la instancia de GitLab en la que se permitan los \\\"tokens de proyecto\\\" puede elevar su privilegio a \\\"Internal\\\" y acceder a los proyectos Internos\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.2,\"impactScore\":5.2},{\"source\":\"cve@gitlab.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.2,\"impactScore\":4.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.5},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndExcluding\":\"14.0.9\",\"matchCriteriaId\":\"63F23DAB-6DA8-4038-854B-991B239AA7A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndExcluding\":\"14.0.9\",\"matchCriteriaId\":\"6A06534D-7B62-4F9C-88CD-DA404FC59768\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndExcluding\":\"14.1.4\",\"matchCriteriaId\":\"9A88A687-E3B3-43B3-87C6-489DF361D7D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndExcluding\":\"14.1.4\",\"matchCriteriaId\":\"B0917E00-8A8B-456B-8AF9-FEDE1B16079F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\",\"versionStartIncluding\":\"14.2.0\",\"versionEndExcluding\":\"14.2.2\",\"matchCriteriaId\":\"3CE159DB-7F83-42A6-9527-EB372B1F0C12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"14.2.0\",\"versionEndExcluding\":\"14.2.2\",\"matchCriteriaId\":\"9748F8EA-2A15-4F22-8C54-5CA56B75EA58\"}]}]}],\"references\":[{\"url\":\"https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22263.json\",\"source\":\"cve@gitlab.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://gitlab.com/gitlab-org/gitlab/-/issues/331473\",\"source\":\"cve@gitlab.com\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://hackerone.com/reports/1193062\",\"source\":\"cve@gitlab.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.