In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, the reset password token and new user email token are accidentally logged which may lead to information disclosure.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39919.json | Vendor Advisory |
https://gitlab.com/gitlab-org/gitlab/-/issues/342445 | Broken Link |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2021-12-13 16:15
Updated : 2024-02-28 18:48
NVD link : CVE-2021-39919
Mitre link : CVE-2021-39919
CVE.ORG link : CVE-2021-39919
JSON object : View
Products Affected
gitlab
- gitlab
CWE
CWE-640
Weak Password Recovery Mechanism for Forgotten Password