CVE-2021-22262

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-22262
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-22262.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-22262
Aliases
Related
Published
2021-10-05T14:15:07Z
Modified
2024-10-12T07:20:44.504489Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

Missing access control in all GitLab versions starting from 13.12 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 with Jira Cloud integration enabled allows Jira users without administrative privileges to add and remove Jira Connect Namespaces via the GitLab.com for Jira Cloud application configuration page

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

11-10-0cfa69752d8-0d9531c80-ee
11-10-0cfa69752d8-74ffd66ae-ee
11-10-119f9509d50-6d7537235-ee

v1.*

v1.0.2
v1.1.0pre
v1.2.0
v1.2.0pre
v1.2.1
v1.2.2

v10.*

v10.1.0.pre
v10.2.0.pre
v10.3.0.pre
v10.4.0.pre
v10.5.0.pre
v10.6.0.pre
v10.7.0.pre
v10.8.0.pre
v10.9.0.pre

v11.*

v11.0.0.pre
v11.1.0.pre
v11.2.0.pre
v11.3.0.pre

v14.*

v14.0.0-ee
v14.0.0-rc42-ee
v14.0.0-rc43-ee
v14.0.0-rc44-ee
v14.0.1-ee
v14.0.2-ee
v14.0.3-ee
v14.0.4-ee
v14.0.5-ee
v14.0.6-ee
v14.0.7-ee
v14.0.8-ee

v2.*

v2.0.0
v2.1.0
v2.2.0
v2.2.0pre
v2.3.0
v2.3.0pre
v2.3.1
v2.4.0
v2.4.0pre
v2.4.1
v2.5.0
v2.6.0
v2.6.0pre
v2.6.1
v2.6.2
v2.6.3
v2.7.0
v2.7.0pre
v2.8.0
v2.8.0pre
v2.8.1
v2.8.2
v2.9.0
v2.9.1

v3.*

v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.1.0

v4.*

v4.0.0
v4.0.0rc1
v4.0.0rc2

v5.*

v5.0.0
v5.1.0
v5.2.0
v5.3.0

v6.*

v6.0.0
v6.0.0-ee
v6.0.0-ee.beta
v6.0.0-ee.rc1
v6.1.0-ee
v6.2.0
v6.2.1
v6.2.2
v6.3.0
v6.3.0-ee
v6.3.1-ee
v6.4.0
v6.4.0-ee
v6.4.0.pre1
v6.4.0.pre2
v6.4.0.pre3
v6.4.1
v6.4.2
v6.4.3
v6.5.0
v6.5.0-ee
v6.5.0.rc1
v6.5.1
v6.6.0
v6.6.0-ee
v6.6.0.pre1
v6.6.0.rc1
v6.6.1
v6.6.2
v6.7.0-ee
v6.7.0.rc1
v6.7.0.rc1-ee
v6.7.1
v6.7.2
v6.8.0
v6.8.0-ee
v6.8.0.rc1
v6.8.1
v6.9.0.rc1

v7.*

v7.0.0
v7.0.0-ee
v7.0.0.rc1
v7.1.0
v7.1.0-ee
v7.1.0.rc1
v7.1.0.rc1-ee
v7.2.0.rc1
v7.2.0.rc1-ee
v7.2.0.rc2
v7.2.0.rc2-ee
v7.2.0.rc3
v7.2.0.rc3-ee
v7.2.0.rc4
v7.2.0.rc4-ee
v7.2.0.rc5
v7.2.0.rc5-ee
v7.3.0
v7.3.0-ee
v7.3.0.rc1
v7.3.0.rc1-ee
v7.4.0
v7.4.0-ee
v7.4.1
v7.4.1-ee
v7.4.2
v7.4.2-ee
v7.4.3
v7.4.3-ee
v7.4.4-ee

v8.*

v8.10.0.pre
v8.11.0
v8.11.0-ee
v8.11.0-rc1
v8.11.0-rc1-ee
v8.11.0-rc2
v8.11.0-rc2-ee
v8.11.0-rc3
v8.11.0-rc3-ee
v8.11.0-rc4
v8.11.0-rc4-ee
v8.11.0-rc5
v8.11.0-rc5-ee
v8.11.0-rc6
v8.11.0-rc6-ee
v8.11.0-rc7
v8.11.0-rc7-ee
v8.11.0.pre
v8.11.1
v8.12.0
v8.12.0-ee
v8.12.0-rc1
v8.12.0-rc1-ee
v8.12.0-rc2
v8.12.0-rc2-ee
v8.12.0-rc3
v8.12.0-rc3-ee
v8.12.0-rc4
v8.12.0-rc4-ee
v8.12.0-rc5
v8.12.0-rc5-ee
v8.12.0-rc6
v8.12.0-rc6-ee
v8.12.0-rc7
v8.12.0-rc7-ee
v8.12.0.pre
v8.12.1
v8.12.1-ee
v8.12.2
v8.12.2-ee
v8.12.3-ee
v8.13.0.pre
v8.14.0.pre
v8.15.0.pre
v8.16.0.pre
v8.17.0.pre
v8.18.0.pre
v8.2.0-ee
v8.2.0.rc1
v8.2.0.rc1-ee
v8.2.0.rc2
v8.2.0.rc2-ee
v8.4.0.rc1
v8.8.0
v8.8.0-ee
v8.8.0-rc1
v8.8.0-rc1-ee
v8.8.0-rc2
v8.8.0-rc2-ee
v8.8.1-ee

v9.*

v9.1.0.pre
v9.2.0.pre
v9.3.0.pre
v9.5.0.pre
v9.6.0.pre