← back
CVE-2021-22180

CVE-2021-22180

CVSS 4.3 MEDIUMEPSS 0.9%
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3EPSS 0.9%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
26 Mar 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An issue has been discovered in GitLab affecting all versions starting from 13.4. Improper access control allows unauthorized users to access details on analytic pages.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products
GitLab · GitLab

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22180.jsonhttps://gitlab.com/gitlab-org/gitlab/-/issues/295662https://hackerone.com/reports/1064645