CVE-2021-22218

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-22218

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22218.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-22218

Aliases

BIT-gitlab-2021-22218

Published

2021-06-08T16:15:13.530Z

Modified

2026-02-11T01:51:00.434543Z

Severity

2.6 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

All versions of GitLab CE/EE starting from 12.8 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 were affected by an issue in the handling of x509 certificates that could be used to spoof author of signed commits.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

0bd32f788647bb832f3d9eb5746cbda5300e0fa2

Fixed

7327f6c9bf4fa71bc518992f995cc7648c102c07

Introduced

12a3ec8fb4a540576b2d47247bc86ea7e2c7565b

Fixed

865a93b831bfcc63d49d6f2d14ccfafe216e4a99

Introduced

47f41a4a74f364c731aafd34a93bddb630f62230

Fixed

d6e2cf8d41eceec30c20b921d9779bbd539ae594

Affected versions

v13.*

v13.11.0-ee

v13.11.1-ee

v13.11.2-ee

v13.11.3-ee

v13.11.4-ee

v13.12.0-ee

v13.12.1-ee

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22218.json"