CVE-2021-22227

Sažetak

A reflected cross-site script vulnerability in GitLab before versions 13.11.6, 13.12.6 and 14.0.2 allowed an attacker to send a malicious link to a victim and trigger actions on their behalf if they clicked it

Reference

https://gitlab.com/gitlab-org/gitlab/-/issues/212887
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22227.json
https://hackerone.com/reports/834555

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

10-07-2021 - 02:35

Objavljeno

07-07-2021 - 11:15