| Vulnerability Name: | CVE-2021-22218 (CCN-203292) |
| Assigned: | 2021-06-08 |
| Published: | 2021-06-08 |
| Updated: | 2022-07-22 |
| Summary: | All versions of GitLab CE/EE starting from 12.8 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 were affected by an issue in the handling of x509 certificates that could be used to spoof author of signed commits. |
| CVSS v3 Severity: | 2.6 Low (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N); 2.3 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C); 2.3 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C) |
| CVSS v2 Severity: | 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N) |
| Vulnerability Type: | CWE-295 |
| Vulnerability Consequences: | Bypass Security |
| References: | Source: MITRE, Type: CNA, CVE-2021-22218; Source: XF, Type: UNKNOWN, gitlab-cve202122218-sec-bypass(203292); Source: CCN, Type: GitLab Web site, CVE-2021-22218.json; Source: CONFIRM, Type: Vendor Advisory, https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22218.json; Source: MISC, Type: Broken Link, https://gitlab.com/gitlab-org/gitlab/-/issues/297665; Source: MISC, Type: Permissions Required, Third Party Advisory, https://hackerone.com/reports/1077019 |
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable |