CVE-2021-22262
MEDIUM
GitLab 13.12-14.0.8, 14.1-14.1.3, 14.2-14.2.1 - Incorrect Authorization in Jira Connect Namespace Management
Title source: llm
Description
Missing access control in all GitLab versions starting from 13.12 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 with Jira Cloud integration enabled allows Jira users without administrative privileges to add and remove Jira Connect Namespaces via the GitLab.com for Jira Cloud application configuration page.
References (3)
Core References
Broken Link x_refsource_misc
https://gitlab.com/gitlab-org/gitlab/-/issues/327062
Permissions Required, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/1147812
Vendor Advisory x_refsource_confirm
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22262.json
Scores
CVSS v3
5.4
EPSS
0.0015
EPSS Percentile
35.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Details
CWE
CWE-863
Status
published
Products (1)
gitlab/gitlab
13.12.0 - 14.0.9 (2 CPE variants)
Published
Oct 05, 2021
Tracked Since
Feb 18, 2026