In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, the reset password token and new user email token are accidentally logged which may lead to information disclosure.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39919.json | Vendor Advisory |
https://gitlab.com/gitlab-org/gitlab/-/issues/342445 | Broken Link |
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39919.json | Vendor Advisory |
https://gitlab.com/gitlab-org/gitlab/-/issues/342445 | Broken Link |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 06:20
Type | Values Removed | Values Added |
---|---|---|
References | () https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39919.json - Vendor Advisory | |
References | () https://gitlab.com/gitlab-org/gitlab/-/issues/342445 - Broken Link |
Information
Published : 2021-12-13 16:15
Updated : 2024-11-21 06:20
NVD link : CVE-2021-39919
Mitre link : CVE-2021-39919
CVE.ORG link : CVE-2021-39919
JSON object : View
Products Affected
gitlab
- gitlab
CWE
CWE-640
Weak Password Recovery Mechanism for Forgotten Password