CVE-2021-22170

Summary

Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows an attacker to decrypt some of the database's encrypted content

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=11.6.0, <13.5.6affected
GitLabGitLab>=13.6.0, <13.6.4affected
GitLabGitLab>=13.7.0, <13.7.2affected

Weaknesses

  • Reusing a nonce, key pair in encryption in GitLab

ADP Enrichment

CVE Program Container

Additional References

References