CVE-2021-22261
HIGHGitLab 13.9-14.0.8, 14.1-14.1.3, 14.2-14.2.1 - Stored Cross-Site Scripting via Jira Integration
Title source: llmDescription
A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious Jira API responses
References (3)
Core 3
Core References
Broken Link x_refsource_misc
https://gitlab.com/gitlab-org/gitlab/-/issues/328389
Permissions Required, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/1132083
Vendor Advisory x_refsource_confirm
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22261.json
Scores
CVSS v3
7.3
EPSS
0.0020
EPSS Percentile
41.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
Details
CWE
CWE-79
Status
published
Products (1)
gitlab/gitlab
13.9.0 - 14.0.9 (2 CPE variants)
Published
Oct 05, 2021
Tracked Since
Feb 18, 2026