CVE-2021-22218 Information

Description

All versions of GitLab CE/EE starting from 12.8 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 were affected by an issue in the handling of X.509 certificates that could be used to spoof the author of signed commits.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N

Reference

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22218.json
https://gitlab.com/gitlab-org/gitlab/-/issues/297665
https://hackerone.com/reports/1077019

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction Required

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

Base Score

2.6

Base Severity

LOW
