CVE-2021-22223 log
Source |
|
Severity | Medium |
Remote | Yes |
Type | Cross-site scripting |
Description | Client-Side code injection through a Feature Flag name in GitLab CE/EE starting with 11.9 and before version 14.0.2 allows a specially crafted feature flag name to PUT requests on behalf of other users via clicking on a link. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-2125 | gitlab | 14.0.1-1 | 14.0.3-1 | High | Fixed |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
06 Jul 2021 | ASA-202107-18 | AVG-2125 | gitlab | High | multiple issues |
References |
---|
https://gitlab.com/gitlab-org/gitlab/-/issues/293946 https://hackerone.com/reports/1059557 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22223.json |