CVE-2021-4191

Summary

An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration to unauthenticated users through the GraphQL API.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=14.8, <14.8.2affected
GitLabGitLab>=14.7, <14.7.4affected
GitLabGitLab>=13.0, <14.6.5affected

Weaknesses

  • Information exposure in GitLab

ADP Enrichment

CVE Program Container

Additional References

References