CVE-2021-22195

8.6HIGH

Key Information:

Vendor: Gitlab
Status: Gitlab-vscode-extension
Vendor: CVE Published:; 1 April 2021

Summary

Client side code execution in gitlab-vscode-extension v3.15.0 and earlier allows attacker to execute code on user system

Affected Version(s)

gitlab-vscode-extension <=3.15.0

References

https://gitlab.com/gitlab-org/gitlab-vscode-extension/-/i...

x_refsource_MISC

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 1, 2021
Vulnerability Reserved
Jan 5, 2021

Collectors

NVD DatabaseMitre Database

Credit

GitLab security research team

.