CVE-2021-22261

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-22261

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22261.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-22261

Aliases

BIT-gitlab-2021-22261

Related

UBUNTU-CVE-2021-22261

Published

2021-10-05T14:15:07Z

Modified

2024-11-21T05:49:48Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious Jira API responses

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

a1a60e9f753f4e99f2b13b24028a6092a897cc06

Fixed

e8824bdbcb70ab6210d3de565d52662d95c96978