GitLab Community Edition/Enterprise Edition up to 12.6 Public Project information disclosure


A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 12.6 (Bug Tracking Software). It has been rated as problematic. This issue affects an unknown function of the component Public Project Handler. No information about possible countermeasures is known. Replacing the affected product with an alternative may be considered.

| Field | 04/03/2021 02:35 AM | 04/08/2021 07:48 AM | 04/08/2021 07:51 AM |
| --- | --- | --- | --- |
| cvss3_vuldb_tempscore | 3.7 | 3.7 | 3.7 |
| cvss3_meta_basescore | 3.7 | 3.7 | 3.7 |
| cvss3_meta_tempscore | 3.7 | 3.7 | 3.7 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| vendor | GitLab | GitLab | GitLab |
| name | Community Edition/Enterprise Edition | Community Edition/Enterprise Edition | Community Edition/Enterprise Edition |
| version | <=12.6 | <=12.6 | <=12.6 |
| component | Public Project Handler | Public Project Handler | Public Project Handler |
| cwe | 200 (information disclosure) | 200 (information disclosure) | 200 (information disclosure) |
| risk | 1 | 1 | 1 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | H | H | H |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | N | N | N |
| cvss3_vuldb_a | N | N | N |
| cvss3_vuldb_rc | C | C | C |
| url | https://gitlab.com/gitlab-org/gitlab/-/issues/247523 | https://gitlab.com/gitlab-org/gitlab/-/issues/247523 | https://gitlab.com/gitlab-org/gitlab/-/issues/247523 |
| confirm_url | https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22200.json | https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22200.json | https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22200.json |
| cve | CVE-2021-22200 | CVE-2021-22200 | CVE-2021-22200 |
| date | 1617400800 (04/03/2021) | 1617400800 (04/03/2021) | 1617400800 (04/03/2021) |
| type | Bug Tracking Software | Bug Tracking Software | Bug Tracking Software |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | H | H | H |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | N | N | N |
| cvss2_vuldb_ai | N | N | N |
| cvss2_vuldb_rc | C | C | C |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | X | X | X |
| cvss2_vuldb_basescore | 2.6 | 2.6 | 2.6 |
| cvss2_vuldb_tempscore | 2.6 | 2.6 | 2.6 |
| cvss3_vuldb_basescore | 3.7 | 3.7 | 3.7 |
| cve_assigned | | 1609801200 | 1609801200 |
| cve_nvd_summary | | An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Under a special condition it was possible to access data of an internal repository through a public project fork as an anonymous user. | An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Under a special condition it was possible to access data of an internal repository through a public project fork as an anonymous user. |
| cve_cna | | | GitLab Inc. |
