CVE-2021-22234

Summary

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.11 before 13.11.7, all versions starting from 13.12 before 13.12.8, and all versions starting from 14.0 before 14.0.4. A specially crafted design image allowed attackers to read arbitrary files on the server.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=14.0, <14.0.4affected
GitLabGitLab>=13.12, <13.12.8affected
GitLabGitLab>=13.11, <13.11.7affected

Weaknesses

  • Information exposure in GitLab

ADP Enrichment

CVE Program Container

Additional References

References