CVE-2021-22202

Опубликовано: 02 апр. 2021

Источник: nvd

CVSS3: 2.4

CVSS3: 4.3

CVSS2: 4.3

EPSS Низкий

Описание

An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API.

Ссылки

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22202.json
Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/26017
Broken Link
https://hackerone.com/reports/471274
Permissions Required
Third Party Advisory
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22202.json
Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/26017
Broken Link
https://hackerone.com/reports/471274
Permissions Required
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия до 13.10.0 (включая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия до 13.10.0 (включая)

EPSS

Процентиль: 37%

0.00156

Низкий

2.4 Low

CVSS3

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

CVE-2021-22202

CVSS3: 2.4

ubuntu

почти 5 лет назад

An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API.

CVE-2021-22202

CVSS3: 2.4

debian

почти 5 лет назад

An issue has been discovered in GitLab CE/EE affecting all previous ve ...

GHSA-5hrw-2pjr-f25r

github

больше 3 лет назад

An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API.

EPSS

Процентиль: 37%

0.00156

Низкий

2.4 Low

CVSS3

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352