Improper access control in Gitlab Community Edition and GitLab Enterprise Edition - CVE-2021-22226
Published: July 6, 2021 / Updated: July 6, 2021
Vulnerability identifier: #VU54569
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-22226
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: GitLab, Inc
Affected software:
Gitlab Community Edition
GitLab Enterprise Edition
Gitlab Community Edition
GitLab Enterprise Edition
Detailed vulnerability description
The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. Under certain conditions, some users were able to push to protected branches that were restricted to deploy keys.
How to mitigate CVE-2021-22226
Install updates from vendor's website.