CVE-2021-22186

Summary

An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=9.4, <13.7.8affected
GitLabGitLab>=13.8, <13.8.5affected
GitLabGitLab>=13.9, <13.9.2affected

Weaknesses

  • Improper authorization in GitLab

ADP Enrichment

CVE Program Container

Additional References

References