Vulnerabilities > CVE-2021-22251 - Incorrect Authorization vulnerability in Gitlab

047910
CVSS 4.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
gitlab
CWE-863
NVD
Published: 2021-08-23
Updated: 2021-08-28

Summary

Improper validation of invited users' email address in GitLab EE affecting all versions since 12.2 allowed projects to add members with email address domain that should be blocked by group settings

Vulnerable Configurations

Part Description Count
Application
Gitlab
216

Common Weakness Enumeration (CWE)

References