CVE-2021-22260

A stored Cross-Site Scripting vulnerability in the DataDog integration in all versions of GitLab CE/EE starting from 13.7 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's behalf
References
Link Resource
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22260.json Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/336614 Exploit Issue Tracking Vendor Advisory
https://hackerone.com/reports/1257383 Permissions Required Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Information

Published : 2021-11-04 17:15

Updated : 2022-09-29 19:33


NVD link : CVE-2021-22260

Mitre link : CVE-2021-22260


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

gitlab

  • gitlab