CVE-2021-22224 HIGH

Vendor GitLab
Product GitLab
Published July 7, 2021
Last update August 3, 2024

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N

What the vulnerability does

01 Description

A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to call mutations as the victim.

Key dates

02 Disclosure timeline

July 7, 2021 CVE published
August 3, 2024 Record updated