CVE-2021-22261 — Vulnetix

CVE-2021-22261 PUBLISHED

A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious Jira API responses

EPSS 0.20% · 41.8th percentile

Risk Scores

EPSS Score

0.20%

41.8th percentile

Affected Products

Vendor	Product	Versions
Bitnami	gitlab	13.9.0, 14.1.0, 14.2.0
Bitnami	gitlab	13.9.0, 14.1.0, 14.2.0

Exploit Intelligence

https://gitlab.com/gitlab-org/gitlab/-/issues/328389 (circl)
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22261.json (circl)
https://hackerone.com/reports/1132083 (bitnami)

Timeline

Jul 1, 2021 CVE Published
Oct 6, 2021 EPSS Score
Dec 2, 2021 EPSS Score
Jan 28, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Mar 25, 2022 EPSS Score
May 21, 2022 EPSS Score
Jul 18, 2022 EPSS Score
Sep 13, 2022 EPSS Score
Nov 8, 2022 EPSS Score
Mar 2, 2023 EPSS Score
Mar 7, 2023 EPSS Score

References

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22261.json url
https://gitlab.com/gitlab-org/gitlab/-/issues/328389 url
https://hackerone.com/reports/1132083 url
https://nvd.nist.gov/vuln/detail/CVE-2021-22261 url

Open in Interactive Console →