CVE-2021-22213 — Vulnetix

CVE-2021-22213 PUBLISHED

A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari

EPSS 0.96% · 76.9th percentile

Risk Scores

EPSS Score

0.96%

76.9th percentile

Affected Products

Vendor	Product	Versions
Bitnami	gitlab	7.10.0, 13.11.0, 13.12.0
Bitnami	gitlab	7.10.0, 13.11.0, 13.12.0

Exploit Intelligence

https://gitlab.com/gitlab-org/gitlab/-/issues/300308 (circl)
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22213.json (circl)
https://hackerone.com/reports/1089277 (bitnami)

Timeline

Jun 8, 2021 CVE Published
Jun 9, 2021 EPSS Score
Aug 10, 2021 EPSS Score
Dec 9, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 8, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 10, 2022 EPSS Score
Aug 11, 2022 EPSS Score
Oct 11, 2022 EPSS Score
Dec 10, 2022 EPSS Score
Mar 7, 2023 EPSS Score

References

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22213.json url
https://gitlab.com/gitlab-org/gitlab/-/issues/300308 url
https://hackerone.com/reports/1089277 url
https://nvd.nist.gov/vuln/detail/CVE-2021-22213 url

Open in Interactive Console →