CVE-2021-22224
HIGH
GitLab 13.12.0-13.12.5 - Cross-Site Request Forgery via GraphQL API
Title source: llm
Description
A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to call mutations as the victim.
References (3)
Core References
Broken Link x_refsource_misc
https://gitlab.com/gitlab-org/gitlab/-/issues/324397
Permissions Required x_refsource_misc
https://hackerone.com/reports/1122408
Third Party Advisory x_refsource_confirm
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22224.json
Scores
CVSS v3
7.1
EPSS
0.0037
EPSS Percentile
59.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
Details
CWE
CWE-352
Status
published
Products (1)
gitlab/gitlab
13.12.0 - 13.12.6
Published
Jul 07, 2021
Tracked Since
Feb 18, 2026