CVE-2021-22198

Summary

An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an authenticated user to delete incident metric images of public projects.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=13.8, <13.8.7affected
GitLabGitLab>=13.9, <13.9.5affected
GitLabGitLab>=13.10, <13.10.1affected

Weaknesses

  • Improper access control in GitLab

ADP Enrichment

CVE Program Container

Additional References

References