CVE-2021-22201

Опубликовано: 02 апр. 2021

Источник: nvd

CVSS3: 9.6

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server.

Ссылки

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22201.json
Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/325562
Broken Link
https://hackerone.com/reports/1132378
Permissions Required
Third Party Advisory
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22201.json
Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/325562
Broken Link
https://hackerone.com/reports/1132378
Permissions Required
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия от 13.9.0 (включая) до 13.9.5 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 13.9.0 (включая) до 13.9.5 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия от 13.10.0 (включая) до 13.10.1 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 13.10.0 (включая) до 13.10.1 (исключая)

EPSS

Процентиль: 92%

0.0899

Низкий

9.6 Critical

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2021-22201

CVSS3: 9.6

ubuntu

почти 5 лет назад

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server.

CVE-2021-22201

CVSS3: 9.6

debian

почти 5 лет назад

An issue has been discovered in GitLab CE/EE affecting all versions st ...

GHSA-4c45-wmm4-4hq2

CVSS3: 6.5

github

больше 3 лет назад

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server.

EPSS

Процентиль: 92%

0.0899

Низкий

9.6 Critical

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo