{"vulnerability": "CVE-2021-2226", "sightings": [{"uuid": "0352d0a4-5a21-4d9e-8d5d-05e35affca4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-22264", "type": "seen", "source": "https://t.me/cibsecurity/29984", "content": "\u203c CVE-2021-22264 \u203c\n\nAn issue has been discovered in GitLab affecting all versions starting from 13.8 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. Under specialized conditions, an invited group member may continue to have access to a project even after the invited group, which the member was part of, is deleted.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-05T18:30:32.000000Z"}, {"uuid": "41361a07-1e58-4f65-ad15-12717eefadf6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-22261", "type": "seen", "source": "https://t.me/cibsecurity/29983", "content": "\u203c CVE-2021-22261 \u203c\n\nA stored Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.7 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious Jira API responses\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-05T18:30:31.000000Z"}, {"uuid": "30c6b592-0ae1-4854-b943-73056cc505f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-22262", "type": "seen", "source": "https://t.me/cibsecurity/29980", "content": "\u203c CVE-2021-22262 \u203c\n\nMissing access control in GitLab version 13.10 and above with Jira Cloud integration enabled allows Jira users without administrative privileges to add and remove Jira Connect Namespaces via the GitLab.com for Jira Cloud application configuration page\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-05T18:30:28.000000Z"}, {"uuid": "ccd129b3-d644-4c6d-b1c6-99722d1157e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-22263", "type": "seen", "source": "https://t.me/cibsecurity/30352", "content": "\u203c CVE-2021-22263 \u203c\n\nAn issue has been discovered in GitLab affecting all versions starting from 13.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. A user account with 'external' status which is granted 'Maintainer' role on any project on the GitLab instance where 'project tokens' are allowed may elevate its privilege to 'Internal' and access Internal projects.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-11T20:24:45.000000Z"}]}