CVE-2021-22186 log
| Source |
|
| Severity | Medium |
| Remote | Yes |
| Type | Access restriction bypass |
| Description | An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners. The issue is fixed in GitLab versions 13.9.2, 13.8.5 and 13.7.8. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1648 | gitlab | 13.9.1-1 | 13.9.2-1 | Medium | Fixed |
| References |
|---|
https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/#group-maintainers-are-able-to-use-the-group-cicd-variables-api |