CVE-2021-22185

Опубликовано: 24 мар. 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Insufficient input sanitization in wikis in GitLab version 13.8 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted commit to a wiki

Ссылки

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22185.json
Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/299143
Broken Link
https://hackerone.com/reports/1087061
Permissions Required
Third Party Advisory
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22185.json
Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/299143
Broken Link
https://hackerone.com/reports/1087061
Permissions Required
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия от 13.8.0 (включая) до 13.8.5 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 13.8.0 (включая) до 13.8.5 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия от 13.9.0 (включая) до 13.9.2 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 13.9.0 (включая) до 13.9.2 (исключая)

EPSS

Процентиль: 33%

0.00128

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2021-22185

CVSS3: 5.4

ubuntu

около 4 лет назад

Insufficient input sanitization in wikis in GitLab version 13.8 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted commit to a wiki

CVE-2021-22185

CVSS3: 5.4

debian

около 4 лет назад

Insufficient input sanitization in wikis in GitLab version 13.8 and up ...

GHSA-wf25-2f67-3rmc

github

около 3 лет назад

Insufficient input sanitization in wikis in GitLab version 13.8 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted commit to a wiki

EPSS

Процентиль: 33%

0.00128

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79