Unrated severityNVD Advisory· Published Jul 6, 2021· Updated Aug 3, 2024
CVE-2021-22223
CVE-2021-22223
Description
Client-Side code injection through Feature Flag name in GitLab CE/EE starting with 11.9 allows a specially crafted feature flag name to PUT requests on behalf of other users via clicking on a link
Affected products
3>=11.9+ 1 more
- (no CPE)range: >=11.9
- (no CPE)range: >=11.9, <13.11.6
Patches
Vulnerability mechanics
References
3- gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22223.jsonmitrex_refsource_CONFIRM
- gitlab.com/gitlab-org/gitlab/-/issues/293946mitrex_refsource_MISC
- hackerone.com/reports/1059557mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.