GitLab Community Edition/Enterprise Edition API cross-site request forgery


A vulnerability classified as problematic was found in GitLab Community Edition and Enterprise Edition (Bug Tracking Software) (affected version unknown). The vulnerability affects some unknown functionality of the API component. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.

Entry history (one column per revision of the record):

Field                  | 04/03/2021 02:36 AM                                  | 04/08/2021 08:01 AM                                  | 04/08/2021 08:06 AM
vendor                 | GitLab                                               | GitLab                                               | GitLab
name                   | Community Edition/Enterprise Edition                 | Community Edition/Enterprise Edition                 | Community Edition/Enterprise Edition
component              | API                                                  | API                                                  | API
cwe                    | 352 (cross site request forgery)                     | 352 (cross site request forgery)                     | 352 (cross site request forgery)
risk                   | 1                                                    | 1                                                    | 1
cvss3_vuldb_av         | N                                                    | N                                                    | N
cvss3_vuldb_ac         | L                                                    | L                                                    | L
cvss3_vuldb_pr         | N                                                    | N                                                    | N
cvss3_vuldb_ui         | R                                                    | R                                                    | R
cvss3_vuldb_s          | U                                                    | U                                                    | U
cvss3_vuldb_c          | N                                                    | N                                                    | N
cvss3_vuldb_i          | L                                                    | L                                                    | L
cvss3_vuldb_a          | N                                                    | N                                                    | N
cvss3_vuldb_rc         | C                                                    | C                                                    | C
url                    | https://hackerone.com/reports/471274                 | https://hackerone.com/reports/471274                 | https://hackerone.com/reports/471274
confirm_url            | https://gitlab.com/gitlab-org/gitlab/-/issues/26017  | https://gitlab.com/gitlab-org/gitlab/-/issues/26017  | https://gitlab.com/gitlab-org/gitlab/-/issues/26017
cve                    | CVE-2021-22202                                       | CVE-2021-22202                                       | CVE-2021-22202
date                   | 1617400800 (04/03/2021)                              | 1617400800 (04/03/2021)                              | 1617400800 (04/03/2021)
type                   | Bug Tracking Software                                | Bug Tracking Software                                | Bug Tracking Software
cvss2_vuldb_av         | N                                                    | N                                                    | N
cvss2_vuldb_ac         | L                                                    | L                                                    | L
cvss2_vuldb_au         | N                                                    | N                                                    | N
cvss2_vuldb_ci         | N                                                    | N                                                    | N
cvss2_vuldb_ii         | P                                                    | P                                                    | P
cvss2_vuldb_ai         | N                                                    | N                                                    | N
cvss2_vuldb_rc         | C                                                    | C                                                    | C
cvss2_vuldb_e          | ND                                                   | ND                                                   | ND
cvss2_vuldb_rl         | ND                                                   | ND                                                   | ND
cvss3_vuldb_e          | X                                                    | X                                                    | X
cvss3_vuldb_rl         | X                                                    | X                                                    | X
cvss2_vuldb_basescore  | 5.0                                                  | 5.0                                                  | 5.0
cvss2_vuldb_tempscore  | 5.0                                                  | 5.0                                                  | 5.0
cvss3_vuldb_basescore  | 4.3                                                  | 4.3                                                  | 4.3
cvss3_vuldb_tempscore  | 4.3                                                  | 4.3                                                  | 4.3
cvss3_meta_basescore   | 4.3                                                  | 4.3                                                  | 4.3
cvss3_meta_tempscore   | 4.3                                                  | 4.3                                                  | 4.3
price_0day             | $0-$5k                                               | $0-$5k                                               | $0-$5k
cve_assigned           |                                                      | 1609801200                                           | 1609801200
cve_nvd_summary        |                                                      | An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API. | An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API.
cve_cna                |                                                      |                                                      | GitLab Inc.
