CVE-2021-22171

Summary

Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=11.5.0, <13.5.6affected
GitLabGitLab>=13.6.0, <13.6.4affected
GitLabGitLab>=13.7.0, <13.7.2affected

Weaknesses

  • Improper authentication in GitLab

ADP Enrichment

CVE Program Container

Additional References

References