{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-08T05:31:33.130","vulnerabilities":[{"cve":{"id":"CVE-2021-22251","sourceIdentifier":"cve@gitlab.com","published":"2021-08-23T20:15:12.830","lastModified":"2024-11-21T05:49:47.730","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper validation of invited users' email address in GitLab EE affecting all versions since 12.2 allowed projects to add members with email address domain that should be blocked by group settings"},{"lang":"es","value":"Una comprobación inapropiada de la dirección de correo electrónico de los usuarios invitados en GitLab EE, afectando a todas las versiones desde la 12.2, permitía que los proyectos añadieran miembros con un dominio de dirección de correo electrónico que debería estar bloqueado por la configuración del grupo."}],"metrics":{"cvssMetricV31":[{"source":"cve@gitlab.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"12.2.0","versionEndExcluding":"13.12.9","matchCriteriaId":"2D5D42B1-6E9E-43AF-9D34-08976153DB2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"14.0.0","versionEndExcluding":"14.0.7","matchCriteriaId":"80FE53A3-015A-41EF-B238-DEE9AB2FEF8C"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"14.1.0","versionEndExcluding":"14.1.2","matchCriteriaId":"02027E6A-E1D7-4109-BC9A-2B6BC335BA20"}]}]}],"references":[{"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22251.json","source":"cve@gitlab.com","tags":["Vendor Advisory"]},{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/14004","source":"cve@gitlab.com","tags":["Exploit","Issue Tracking","Vendor Advisory"]},{"url":"https://hackerone.com/reports/679567","source":"cve@gitlab.com","tags":["Permissions Required","Third Party Advisory"]},{"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22251.json","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/14004","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Vendor Advisory"]},{"url":"https://hackerone.com/reports/679567","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required","Third Party Advisory"]}]}}]}