CVE-2021-22186 log

Severity Medium
Remote Yes
Type Access restriction bypass
An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners. The issue is fixed in GitLab versions 13.9.2, 13.8.5 and 13.7.8.
Group Package Affected Fixed Severity Status Ticket
AVG-1648 gitlab 13.9.1-1 13.9.2-1 Medium Fixed