CVE-2021-22190

Summary

A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=13.7, <13.7.8affected
GitLabGitLab>=13.8, <13.8.5affected
GitLabGitLab>=13.9, <13.9.2affected

Weaknesses

  • Improper handling of url encoding (hex encoding) in GitLab

ADP Enrichment

CVE Program Container

Additional References

References