GitLab Community Edition/Enterprise Edition 13.9 Import File information disclosure

entryeditHistoryDiffjsonxmlCTI

A vulnerability classified as problematic has been found in GitLab Community Edition and Enterprise Edition 13.9 (Bug Tracking Software). Affected is an unknown functionality of the component Import File Handler. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field	04/03/2021 02:36 AM	04/08/2021 07:55 AM	04/08/2021 07:58 AM
vendor	GitLab	GitLab	GitLab
name	Community Edition/Enterprise Edition	Community Edition/Enterprise Edition	Community Edition/Enterprise Edition
version	13.9	13.9	13.9
component	Import File Handler	Import File Handler	Import File Handler
cwe	200 (information disclosure)	200 (information disclosure)	200 (information disclosure)
risk	1	1	1
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	N	N	N
cvss3_vuldb_a	N	N	N
cvss3_vuldb_rc	C	C	C
url	https://hackerone.com/reports/1132378	https://hackerone.com/reports/1132378	https://hackerone.com/reports/1132378
confirm_url	https://gitlab.com/gitlab-org/gitlab/-/issues/325562	https://gitlab.com/gitlab-org/gitlab/-/issues/325562	https://gitlab.com/gitlab-org/gitlab/-/issues/325562
cve	CVE-2021-22201	CVE-2021-22201	CVE-2021-22201
date	1617400800 (04/03/2021)	1617400800 (04/03/2021)	1617400800 (04/03/2021)
type	Bug Tracking Software	Bug Tracking Software	Bug Tracking Software
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	N	N	N
cvss2_vuldb_ai	N	N	N
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_au	S	S	S
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_e	X	X	X
cvss3_vuldb_rl	X	X	X
cvss2_vuldb_basescore	4.0	4.0	4.0
cvss2_vuldb_tempscore	4.0	4.0	4.0
cvss3_vuldb_basescore	4.3	4.3	4.3
cvss3_vuldb_tempscore	4.3	4.3	4.3
cvss3_meta_basescore	4.3	4.3	4.3
cvss3_meta_tempscore	4.3	4.3	4.3
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1609801200	1609801200
cve_nvd_summary		An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server.	An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server.
cve_cna			GitLab Inc.

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!