CVE-2021-22176

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-22176

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22176.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-22176

Aliases

BIT-gitlab-2021-22176

Downstream

UBUNTU-CVE-2021-22176

Published

2021-03-24T17:15:13.727Z

Modified

2026-04-10T04:29:58.390239Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue has been discovered in GitLab affecting all versions starting with 3.0.1. Improper access control allows demoted project members to access details on authored merge requests

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

4bc64b5530a45b26a13bf6e71d3b9d41aa1e8f98

Fixed

db1bf74bddb977558a71053be4faa58a7b62e057

Introduced

4bc64b5530a45b26a13bf6e71d3b9d41aa1e8f98

Fixed

db1bf74bddb977558a71053be4faa58a7b62e057

Introduced

036576a25d67513637c1e2cba5859af47695188e

Fixed

1bb1e6153d6e19ee17a73d50050cf45cc56eb9f4

Introduced

036576a25d67513637c1e2cba5859af47695188e

Fixed

1bb1e6153d6e19ee17a73d50050cf45cc56eb9f4

Introduced

1ae10d096922ba13b0ffaa20ab616f86dbeb5a89

Fixed

f65d7b6f349d10ab95b3643fece3fd7e94d190b1

Introduced

1ae10d096922ba13b0ffaa20ab616f86dbeb5a89

Fixed

f65d7b6f349d10ab95b3643fece3fd7e94d190b1

Database specific

{
    "versions": [
        {
            "introduced": "3.0.1"
        },
        {
            "fixed": "13.6.7"
        },
        {
            "introduced": "3.0.1"
        },
        {
            "fixed": "13.6.7"
        },
        {
            "introduced": "13.7.0"
        },
        {
            "fixed": "13.7.7"
        },
        {
            "introduced": "13.7.0"
        },
        {
            "fixed": "13.7.7"
        },
        {
            "introduced": "13.8.0"
        },
        {
            "fixed": "13.8.4"
        },
        {
            "introduced": "13.8.0"
        },
        {
            "fixed": "13.8.4"
        }
    ]
}

Affected versions

Other

11-10-0cfa69752d8-0d9531c80-ee

11-10-0cfa69752d8-74ffd66ae-ee

11-10-119f9509d50-6d7537235-ee

v13.*

v13.6.0-ee

v13.6.0-rc42-ee

v13.6.0-rc43-ee

v13.6.0-rc44-ee

v13.6.0-rc45-ee

v13.6.0-rc46-ee

v13.6.1-ee

v13.6.3-ee

v13.7.0-ee

v13.7.1-ee

v13.7.3-ee

v13.7.5-ee

v13.8.0-ee

v13.8.1-ee

v13.8.3-ee

v3.*

v3.0.1

v3.0.2

v3.0.3

v3.1.0

v4.*

v4.0.0

v4.0.0rc1

v4.0.0rc2

v5.*

v5.0.0

v5.1.0

v5.2.0

v6.*

v6.0.0-ee

v6.0.0-ee.beta

v6.0.0-ee.rc1

v6.1.0-ee

v6.3.0-ee

v6.3.1-ee

v6.4.0-ee

v6.5.0-ee

v6.6.0-ee

v6.7.0-ee

v6.7.0.rc1-ee

v6.8.0-ee

v7.*

v7.0.0-ee

v7.1.0-ee

v7.1.0.rc1-ee

v7.2.0.rc1-ee

v7.2.0.rc2-ee

v7.2.0.rc3-ee

v7.2.0.rc4-ee

v7.2.0.rc5-ee

v7.3.0-ee

v7.3.0.rc1-ee

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22176.json"