GitLab Community Edition/Enterprise Edition 13.9 Import File information disclosure


A vulnerability classified as problematic has been found in GitLab Community Edition and Enterprise Edition 13.9 (Bug Tracking Software). Affected is an unknown functionality of the component Import File Handler. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.

Field | 04/03/2021 02:36 AM | 04/08/2021 07:55 AM | 04/08/2021 07:58 AM
vendor | GitLab | GitLab | GitLab
name | Community Edition/Enterprise Edition | Community Edition/Enterprise Edition | Community Edition/Enterprise Edition
version | 13.9 | 13.9 | 13.9
component | Import File Handler | Import File Handler | Import File Handler
cwe | 200 (information disclosure) | 200 (information disclosure) | 200 (information disclosure)
risk | 1 | 1 | 1
cvss3_vuldb_av | N | N | N
cvss3_vuldb_ac | L | L | L
cvss3_vuldb_pr | L | L | L
cvss3_vuldb_ui | N | N | N
cvss3_vuldb_s | U | U | U
cvss3_vuldb_c | L | L | L
cvss3_vuldb_i | N | N | N
cvss3_vuldb_a | N | N | N
cvss3_vuldb_rc | C | C | C
url | https://hackerone.com/reports/1132378 | https://hackerone.com/reports/1132378 | https://hackerone.com/reports/1132378
confirm_url | https://gitlab.com/gitlab-org/gitlab/-/issues/325562 | https://gitlab.com/gitlab-org/gitlab/-/issues/325562 | https://gitlab.com/gitlab-org/gitlab/-/issues/325562
cve | CVE-2021-22201 | CVE-2021-22201 | CVE-2021-22201
date | 1617400800 (04/03/2021) | 1617400800 (04/03/2021) | 1617400800 (04/03/2021)
type | Bug Tracking Software | Bug Tracking Software | Bug Tracking Software
cvss2_vuldb_av | N | N | N
cvss2_vuldb_ac | L | L | L
cvss2_vuldb_ci | P | P | P
cvss2_vuldb_ii | N | N | N
cvss2_vuldb_ai | N | N | N
cvss2_vuldb_rc | C | C | C
cvss2_vuldb_au | S | S | S
cvss2_vuldb_e | ND | ND | ND
cvss2_vuldb_rl | ND | ND | ND
cvss3_vuldb_e | X | X | X
cvss3_vuldb_rl | X | X | X
cvss2_vuldb_basescore | 4.0 | 4.0 | 4.0
cvss2_vuldb_tempscore | 4.0 | 4.0 | 4.0
cvss3_vuldb_basescore | 4.3 | 4.3 | 4.3
cvss3_vuldb_tempscore | 4.3 | 4.3 | 4.3
cvss3_meta_basescore | 4.3 | 4.3 | 4.3
cvss3_meta_tempscore | 4.3 | 4.3 | 4.3
price_0day | $0-$5k | $0-$5k | $0-$5k
cve_assigned | 1609801200 | 1609801200
cve_nvd_summary | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server. | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server.
cve_cna | GitLab Inc.
