CVE-2021-22223 log

Source
Severity Medium
Remote Yes
Type Cross-site scripting
Description
Client-Side code injection through a Feature Flag name in GitLab CE/EE starting with 11.9 and before version 14.0.2 allows a specially crafted feature flag name to PUT requests on behalf of other users via clicking on a link.
Group Package Affected Fixed Severity Status Ticket
AVG-2125 gitlab 14.0.1-1 14.0.3-1 High Fixed
Date Advisory Group Package Severity Type
06 Jul 2021 ASA-202107-18 AVG-2125 gitlab High multiple issues
References
https://gitlab.com/gitlab-org/gitlab/-/issues/293946
https://hackerone.com/reports/1059557
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22223.json