CVE-2021-22171
Published
Severity
CVSS v3: 6.5 MEDIUM
CVSS v2: 4.3 MEDIUM
Description
Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if the victim clicks on a maliciously crafted link.
References
Configurations
CPE23 | Version Start | Version End | Exact Version |
---|---|---|---|
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* | 13.7.0 (including) | 13.7.2 | * |
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* | 13.7.0 (including) | 13.7.2 | * |
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* | 13.6.0 (including) | 13.6.4 | * |
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* | 13.6.0 (including) | 13.6.4 | * |
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* | 11.5.0 (including) | 13.5.6 | * |
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* | 11.5.0 (including) | 13.5.6 | * |