gsd-2021-22251
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
Improper validation of invited users' email address in GitLab EE affecting all versions since 12.2 allowed projects to add members with email address domain that should be blocked by group settings
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-22251",
"description": "Improper validation of invited users\u0027 email address in GitLab EE affecting all versions since 12.2 allowed projects to add members with email address domain that should be blocked by group settings",
"id": "GSD-2021-22251"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-22251"
],
"details": "Improper validation of invited users\u0027 email address in GitLab EE affecting all versions since 12.2 allowed projects to add members with email address domain that should be blocked by group settings",
"id": "GSD-2021-22251",
"modified": "2023-12-13T01:23:24.626340Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@gitlab.com",
"ID": "CVE-2021-22251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": "\u003e=12.2, \u003c13.12.9"
},
{
"version_value": "\u003e=14.0, \u003c14.0.7"
},
{
"version_value": "\u003e=14.1, \u003c14.1.2"
}
]
}
}
]
},
"vendor_name": "GitLab"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks @ashish_r_padelkar for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper validation of invited users\u0027 email address in GitLab EE affecting all versions since 12.2 allowed projects to add members with email address domain that should be blocked by group settings"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper input validation in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/14004",
"refsource": "MISC",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/14004"
},
{
"name": "https://hackerone.com/reports/679567",
"refsource": "MISC",
"url": "https://hackerone.com/reports/679567"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22251.json",
"refsource": "CONFIRM",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22251.json"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.12.9",
"versionStartIncluding": "12.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.0.7",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.1.2",
"versionStartIncluding": "14.1.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@gitlab.com",
"ID": "CVE-2021-22251"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Improper validation of invited users\u0027 email address in GitLab EE affecting all versions since 12.2 allowed projects to add members with email address domain that should be blocked by group settings"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22251.json",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22251.json"
},
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/14004",
"refsource": "MISC",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/14004"
},
{
"name": "https://hackerone.com/reports/679567",
"refsource": "MISC",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/679567"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
},
"lastModifiedDate": "2021-08-28T01:25Z",
"publishedDate": "2021-08-23T20:15Z"
}
}
}
Loading...