CVE-2021-22223 - log back

CVE-2021-22223 edited at 06 Jul 2021 18:02:33
Description
- Client-Side code injection through Feature Flag name in GitLab CE/EE starting with 11.9 and before version 14.0.2 allows a specially crafted feature flag name to PUT requests on behalf of other users via clicking on a link.
+ Client-Side code injection through a Feature Flag name in GitLab CE/EE starting with 11.9 and before version 14.0.2 allows a specially crafted feature flag name to PUT requests on behalf of other users via clicking on a link.
CVE-2021-22223 edited at 06 Jul 2021 17:47:41
Description
- A security issue has been found in GitLab before version 14.0.2. Client-Side code injection through Feature Flag name starting with GitLab CE/EE 11.9 allows a specially crafted feature flag name to PUT requests on behalf of other users via clicking on a link.
+ Client-Side code injection through Feature Flag name in GitLab CE/EE starting with 11.9 and before version 14.0.2 allows a specially crafted feature flag name to PUT requests on behalf of other users via clicking on a link.
References
- https://about.gitlab.com/releases/2021/07/01/security-release-gitlab-14-0-2-released/#stored-xss-on-audit-log
https://gitlab.com/gitlab-org/gitlab/-/issues/293946
https://hackerone.com/reports/1059557
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22223.json
CVE-2021-22223 edited at 06 Jul 2021 17:46:39
References
https://about.gitlab.com/releases/2021/07/01/security-release-gitlab-14-0-2-released/#stored-xss-on-audit-log
+ https://gitlab.com/gitlab-org/gitlab/-/issues/293946
+ https://hackerone.com/reports/1059557
+ https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22223.json
CVE-2021-22223 edited at 02 Jul 2021 08:37:11
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Cross-site scripting
Description
+ A security issue has been found in GitLab before version 14.0.2. Client-Side code injection through Feature Flag name starting with GitLab CE/EE 11.9 allows a specially crafted feature flag name to PUT requests on behalf of other users via clicking on a link.
References
+ https://about.gitlab.com/releases/2021/07/01/security-release-gitlab-14-0-2-released/#stored-xss-on-audit-log
Notes
CVE-2021-22223 created at 02 Jul 2021 08:36:05