{"id":"CVE-2021-22209","details":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens, which resulted in a GraphQL mutation being executed.","aliases":["BIT-gitlab-2021-22209"],"modified":"2026-04-09T07:30:19.205965Z","published":"2021-05-06T14:15:08.017Z","references":[{"type":"ADVISORY","url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22209.json"},{"type":"REPORT","url":"https://gitlab.com/gitlab-org/gitlab/-/issues/327155"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.com/gitlab-org/gitlab","events":[{"introduced":"1ae10d096922ba13b0ffaa20ab616f86dbeb5a89"},{"fixed":"55effbbba527b094f7e3606d62b7c81fc7963150"},{"introduced":"1ae10d096922ba13b0ffaa20ab616f86dbeb5a89"},{"fixed":"55effbbba527b094f7e3606d62b7c81fc7963150"},{"introduced":"0d2d9558dba50b1496bf368954318d465825e8e3"},{"fixed":"fcf9700aae78344b7e768f63ec7c333442ccb53c"},{"introduced":"0d2d9558dba50b1496bf368954318d465825e8e3"},{"fixed":"fcf9700aae78344b7e768f63ec7c333442ccb53c"},{"introduced":"47f41a4a74f364c731aafd34a93bddb630f62230"},{"fixed":"5898a4590037d926bf5c1e438aa2f21582ddf47f"},{"introduced":"47f41a4a74f364c731aafd34a93bddb630f62230"},{"fixed":"5898a4590037d926bf5c1e438aa2f21582ddf47f"}],"database_specific":{"versions":[{"introduced":"13.8.0"},{"fixed":"13.9.7"},{"introduced":"13.8.0"},{"fixed":"13.9.7"},{"introduced":"13.10.0"},{"fixed":"13.10.4"},{"introduced":"13.10.0"},{"fixed":"13.10.4"},{"introduced":"13.11.0"},{"fixed":"13.11.2"},{"introduced":"13.11.0"},{"fixed":"13.11.2"}]}}],"versions":["v13.10.0-ee","v13.10.2-ee","v13.11.0-ee","v13.11.1-ee"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-22209.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}