CVE-2021-22206

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-22206

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-22206.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-22206

Aliases

BIT-gitlab-2021-22206

Downstream

UBUNTU-CVE-2021-22206

Published

2021-05-06T14:15:07.943Z

Modified

2026-02-11T13:22:52.910859Z

Severity

4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed that allows other maintainers to be able to view the credentials in plain-text,

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

0d2d9558dba50b1496bf368954318d465825e8e3

Fixed

fcf9700aae78344b7e768f63ec7c333442ccb53c

Introduced

47f41a4a74f364c731aafd34a93bddb630f62230

Fixed

5898a4590037d926bf5c1e438aa2f21582ddf47f

Introduced

4c09765c6424a96be7c7ae7707db3bda4e9c4ab4

Fixed

55effbbba527b094f7e3606d62b7c81fc7963150

Affected versions

v13.*

v13.10.0-ee

v13.10.1-ee

v13.10.2-ee

v13.10.3-ee

v13.11.0-ee

v13.11.1-ee

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-22206.json"