CVE-2021-22251 Information
Jun 07, 2022
cve
Description
Improper validation of invited users’ email address in GitLab EE affecting all versions since 12.2 allowed projects to add members with email address domain that should be blocked by group settings
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Reference
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22251.json https://gitlab.com/gitlab-org/gitlab/-/issues/14004 https://hackerone.com/reports/679567
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
LOW
Base Score
NONE
Base Severity
4.3
Share on: