#VU54569 Improper access control in Gitlab Community Edition and GitLab Enterprise Edition - CVE-2021-22226
Published: July 6, 2021 / Updated: July 6, 2021
Vulnerability identifier: #VU54569
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-22226
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Gitlab Community Edition
GitLab Enterprise Edition
Gitlab Community Edition
GitLab Enterprise Edition
Software vendor:
GitLab, Inc
GitLab, Inc
Description
The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. Under certain conditions, some users were able to push to protected branches that were restricted to deploy keys.
Remediation
Install updates from vendor's website.