What is CVE-2021-22238?

CVE-2021-22238 is a medium-severity vulnerability in Gitlab. CVSS score: 6.8/10. Published 2021-08-20.

How severe is CVE-2021-22238?

Medium severity. CVSS v3 base score is 6.8 out of 10.

Vulnerability in Gitlab

CVE-2021-22238

An issue has been discovered in GitLab affecting all versions starting with 13.3. GitLab was vulnerable to a stored XSS by using the design feature in issues.

EPSS: 0.718 (99.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N.

Affected products

Gitlab — versions >=14.1, <14.1.2, >=14.0, <14.0.7, >13.3, <13.12.9

References

hackerone.com/reports/1212067 (x_refsource_MISC)
gitlab.com/gitlab-org/gitlab/-/issues/332420 (x_refsource_MISC)
gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22238.json (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2021-22238?: CVE-2021-22238 is a medium-severity vulnerability in Gitlab. CVSS score: 6.8/10. Published 2021-08-20.
How severe is CVE-2021-22238?: Medium severity. CVSS v3 base score is 6.8 out of 10.