CVE-2021-22260 — Vulnetix

CVE-2021-22260 PUBLISHED

A stored Cross-Site Scripting vulnerability in the DataDog integration in all versions of GitLab CE/EE starting from 13.7 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's behalf

EPSS 0.16% · 36.8th percentile

Risk Scores

EPSS Score

0.16%

36.8th percentile

Affected Products

Vendor	Product	Versions
Bitnami	gitlab	13.7.0, 14.1.0, 14.2.0
Bitnami	gitlab	13.7.0, 14.2.0, 14.1.0

Exploit Intelligence

https://gitlab.com/gitlab-org/gitlab/-/issues/336614 (nist-nvd)
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22260.json (circl)
https://hackerone.com/reports/1257383 (bitnami)

Timeline

Jul 1, 2021 CVE Published
Nov 5, 2021 EPSS Score
Dec 31, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Feb 24, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 24, 2022 CVE Updated
Jun 16, 2022 EPSS Score
Aug 12, 2022 EPSS Score
Oct 6, 2022 EPSS Score
Dec 1, 2022 EPSS Score
Mar 7, 2023 EPSS Score

References

Open in Interactive Console →