CVE-2021-22218

Summary

All versions of GitLab CE/EE starting from 12.8 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 were affected by an issue in the handling of x509 certificates that could be used to spoof author of signed commits.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=12.8, <13.10.5affected
GitLabGitLab>=13.11, <13.11.5affected
GitLabGitLab>=13.12, <13.12.2affected

Weaknesses

  • Authentication bypass by spoofing in GitLab

ADP Enrichment

CVE Program Container

Additional References

References