Improper access control in Gitlab Community Edition and GitLab Enterprise Edition - CVE-2021-22226

 

Improper access control in Gitlab Community Edition and GitLab Enterprise Edition - CVE-2021-22226

Published: July 6, 2021 / Updated: July 6, 2021


Vulnerability identifier: #VU54569
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-22226
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: GitLab, Inc
Affected software:
Gitlab Community Edition
GitLab Enterprise Edition

Detailed vulnerability description

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. Under certain conditions, some users were able to push to protected branches that were restricted to deploy keys.


How to mitigate CVE-2021-22226

Install updates from vendor's website.

Sources