CVE-2021-22213

Summary

A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=7.10, <13.10.5affected
GitLabGitLab>=13.11, <13.11.5affected
GitLabGitLab>=13.12, <13.12.2affected

Weaknesses

  • Insufficiently protected credentials in GitLab

ADP Enrichment

CVE Program Container

Additional References

References