CVE-2021-22197

Published Apr 2, 2021

Last updated 3 months ago

Overview

Description: An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exist when an authenticated user with specific rights access a MR having source and target branch pointing to each other
Source: cve@gitlab.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.3
Impact score: 1.4
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-835

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC197906-EB26-47CA-B0D4-0DE46888F1C3",
            "versionEndExcluding": "13.8.7",
            "versionStartIncluding": "10.6.0"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1FE1428-9F41-436B-838F-0BFBAD71686A",
            "versionEndExcluding": "13.8.7",
            "versionStartIncluding": "10.6.0"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "92D30002-B702-42A1-A168-2F81BB39C293",
            "versionEndExcluding": "13.9.5",
            "versionStartIncluding": "13.9.0"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE6524B2-FF9C-48DA-8850-7A4FAE2C4DBC",
            "versionEndExcluding": "13.9.5",
            "versionStartIncluding": "13.9.0"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3FEE2C2F-791C-4C56-A069-663D85CE5448",
            "versionEndExcluding": "13.10.1",
            "versionStartIncluding": "13.10.0"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3D4F2787-E776-4615-B8F9-486AFA754440",
            "versionEndExcluding": "13.10.1",
            "versionStartIncluding": "13.10.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Configurations

References