CVE-2021-22206

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-22206

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-22206.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-22206

Aliases

BIT-gitlab-2021-22206

Related

UBUNTU-CVE-2021-22206

Published

2021-05-06T14:15:07Z

Modified

2024-10-11T09:41:28Z

Severity

4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed that allows other maintainers to be able to view the credentials in plain-text,

References

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22206.json
https://gitlab.com/gitlab-org/gitlab/-/issues/230864
https://hackerone.com/reports/928074

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

4c09765c6424a96be7c7ae7707db3bda4e9c4ab4

Fixed

55effbbba527b094f7e3606d62b7c81fc7963150