First published: Fri Jan 15 2021(Updated: )
Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link
Credit: cve@gitlab.com
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab GitLab | >=11.5.0<13.5.6 | |
GitLab GitLab | >=11.5.0<13.5.6 | |
GitLab GitLab | >=13.6.0<13.6.4 | |
GitLab GitLab | >=13.6.0<13.6.4 | |
GitLab GitLab | >=13.7.0<13.7.2 | |
GitLab GitLab | >=13.7.0<13.7.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.