GitLab Community Edition/Enterprise Edition 13.7.9 Wiki Page information disclosure


A vulnerability classified as problematic has been found in GitLab Community Edition and Enterprise Edition 13.7.9 (Bug Tracking Software). The issue affects an unknown part of the component Wiki Page. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.

| Field | 04/03/2021 02:37 AM | 04/08/2021 08:11 AM | 04/08/2021 08:15 AM |
| --- | --- | --- | --- |
| vendor | GitLab | GitLab | GitLab |
| name | Community Edition/Enterprise Edition | Community Edition/Enterprise Edition | Community Edition/Enterprise Edition |
| version | 13.7.9 | 13.7.9 | 13.7.9 |
| component | Wiki Page | Wiki Page | Wiki Page |
| cwe | 200 (information disclosure) | 200 (information disclosure) | 200 (information disclosure) |
| risk | 1 | 1 | 1 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | H | H | H |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | N | N | N |
| cvss3_vuldb_a | N | N | N |
| cvss3_vuldb_rc | C | C | C |
| url | https://hackerone.com/reports/1098793 | https://hackerone.com/reports/1098793 | https://hackerone.com/reports/1098793 |
| confirm_url | https://gitlab.com/gitlab-org/gitlab/-/issues/320919 | https://gitlab.com/gitlab-org/gitlab/-/issues/320919 | https://gitlab.com/gitlab-org/gitlab/-/issues/320919 |
| cve | CVE-2021-22203 | CVE-2021-22203 | CVE-2021-22203 |
| date | 1617400800 (04/03/2021) | 1617400800 (04/03/2021) | 1617400800 (04/03/2021) |
| type | Bug Tracking Software | Bug Tracking Software | Bug Tracking Software |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | H | H | H |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | N | N | N |
| cvss2_vuldb_ai | N | N | N |
| cvss2_vuldb_rc | C | C | C |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | X | X | X |
| cvss2_vuldb_basescore | 2.6 | 2.6 | 2.6 |
| cvss2_vuldb_tempscore | 2.6 | 2.6 | 2.6 |
| cvss3_vuldb_basescore | 3.7 | 3.7 | 3.7 |
| cvss3_vuldb_tempscore | 3.7 | 3.7 | 3.7 |
| cvss3_meta_basescore | 3.7 | 3.7 | 3.7 |
| cvss3_meta_tempscore | 3.7 | 3.7 | 3.7 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| cve_assigned | | 1609801200 | 1609801200 |
| cve_nvd_summary | | An issue has been discovered in GitLab CE/EE affecting all versions starting with 13.7.9. A specially crafted Wiki page allowed attackers to read arbitrary files on the server. | An issue has been discovered in GitLab CE/EE affecting all versions starting with 13.7.9. A specially crafted Wiki page allowed attackers to read arbitrary files on the server. |
| cve_cna | | | GitLab Inc. |
