CVE-2021-22218

CVE-2021-22218

Name

CVE-2021-22218

Description

All versions of GitLab CE/EE starting from 12.8 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 were affected by an issue in the handling of x509 certificates that could be used to spoof author of signed commits.

NVD Severity

low

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
CONFIRM	https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22218.json
MISC	https://gitlab.com/gitlab-org/gitlab/-/issues/297665
MISC	https://hackerone.com/reports/1077019

Type

URI

CONFIRM

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22218.json

MISC

https://gitlab.com/gitlab-org/gitlab/-/issues/297665

MISC

https://hackerone.com/reports/1077019

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:gitlab:gitlab:::::community:::*`	gitlab	>= 10.5.0	< 13.10.5
`cpe:2.3:a:gitlab:gitlab:::::community:::*`	gitlab	>= 13.11.0	< 13.11.5
`cpe:2.3:a:gitlab:gitlab:::::community:::*`	gitlab	>= 13.12.0	< 13.12.2

CPE URI

Source package

Min version

Max version

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

gitlab

>= 10.5.0

< 13.10.5

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

gitlab

>= 13.11.0

< 13.11.5

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

gitlab

>= 13.12.0

< 13.12.2

References

Match rules

Vulnerable and fixed packages