Unrated severityNVD Advisory· Published Aug 23, 2021· Updated Aug 3, 2024

CVE-2021-22251

Description

Improper validation of invited users' email address in GitLab EE affecting all versions since 12.2 allowed projects to add members with email address domain that should be blocked by group settings

Affected products

GitLab Inc./CE/EEllm-fuzzy
Range: >=12.2
osv-coords
pkg:bitnami/gitlab
Range: >= 12.2.0, < 13.12.9
GitLab Inc./GitLabv5
Range: >=12.2, <13.12.9

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22251.jsonmitrex_refsource_CONFIRM
gitlab.com/gitlab-org/gitlab/-/issues/14004mitrex_refsource_MISC
hackerone.com/reports/679567mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000