What is CVE-2021-22192?

CVE-2021-22192 is a critical-severity vulnerability in Gitlab. CVSS score: 9.9/10. Published 2021-03-24.

How severe is CVE-2021-22192?

Critical severity. CVSS v3 base score is 9.9 out of 10.

Is CVE-2021-22192 known to be exploited?

19 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Gitlab

CVE-2021-22192

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server.

EPSS: 0.812 (99.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.9 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.

Affected products

Gitlab — versions >=13.2, <13.7.9, >=13.8, <13.8.6, >=13.9, <13.9.4

Public proof-of-concept exploits

References

gitlab.com/gitlab-org/gitlab/-/issues/324452 (x_refsource_MISC)
hackerone.com/reports/1125425 (x_refsource_MISC)
gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22192.json (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2021-22192?: CVE-2021-22192 is a critical-severity vulnerability in Gitlab. CVSS score: 9.9/10. Published 2021-03-24.
How severe is CVE-2021-22192?: Critical severity. CVSS v3 base score is 9.9 out of 10.
Is CVE-2021-22192 known to be exploited?: 19 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.