CVE-2021-22208

Description

An issue has been discovered in GitLab affecting versions starting with 13.5 up to 13.9.7. Improper permission check could allow the change of timestamp for issue creation or update.

How to fix CVE-2021-22208

To remediate CVE-2021-22208, upgrade the affected package to a fixed version below.

Bitnami/gitlab—upgrade to 13.9.7 or later

Is CVE-2021-22208 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

>= 13.5.0, < 13.9.7

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References (3)

WEBgitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22208.json
WEBgitlab.com/gitlab-org/gitlab/-/issues/301212
WEBnvd.nist.gov/vuln/detail/CVE-2021-22208