CVE-2021-22234

Published Aug 5, 2021

Last updated 2 years ago

CVSS medium 6.4

Overview

Description: An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.11 before 13.11.7, all versions starting from 13.12 before 13.12.8, and all versions starting from 14.0 before 14.0.4. A specially crafted design image allowed attackers to read arbitrary files on the server.
Source: cve@gitlab.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.4
Impact score: 2.7
Exploitability score: 3.1
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 3.5
Impact score: 2.9
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6054239C-6565-4A2B-B89B-1227ABCFD2DD",
            "versionEndIncluding": "13.11.7",
            "versionStartIncluding": "13.11.0"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "607EAE34-2962-4EA2-A78C-3C91357074DA",
            "versionEndIncluding": "13.11.7",
            "versionStartIncluding": "13.11.0"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63624DE8-5DCF-4A01-A992-5AAB2940224F",
            "versionEndIncluding": "13.12.8",
            "versionStartIncluding": "13.12.0"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7DC54E9B-DD1E-4111-9661-12952DAD41CF",
            "versionEndIncluding": "13.12.8",
            "versionStartIncluding": "13.12.0"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81BD24C6-BE7B-4770-80E8-683427C98795",
            "versionEndIncluding": "14.0.4",
            "versionStartIncluding": "14.0.0"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CDB584A1-A659-45CA-ABF8-DF35EB234834",
            "versionEndIncluding": "14.0.4",
            "versionStartIncluding": "14.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References