CVE-2021-22186 - log

CVE-2021-22186 edited at 05 Mar 2021 00:05:16
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Access restriction bypass
Description
+ An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners. The issue is fixed in GitLab versions 13.9.2, 13.8.5 and 13.7.8.
References
+ https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/#group-maintainers-are-able-to-use-the-group-cicd-variables-api
Notes
CVE-2021-22186 created at 05 Mar 2021 00:02:28