First published: Thu May 06 2021(Updated: )
An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed that allows other maintainers to be able to view the credentials in plain-text,
Credit: cve@gitlab.com
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab | >=11.6.0<13.9.7 | |
GitLab | >=11.6.0<13.9.7 | |
GitLab | >=13.10.0<13.10.4 | |
GitLab | >=13.10.0<13.10.4 | |
GitLab | >=13.11.0<13.11.2 | |
GitLab | >=13.11.0<13.11.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-22206 has been classified as a medium severity vulnerability due to the exposure of sensitive credentials.
To remediate CVE-2021-22206, upgrade your GitLab installation to a version higher than 13.11.2.
CVE-2021-22206 affects GitLab versions from 11.6.0 up to 13.11.2.
CVE-2021-22206 is a credential exposure vulnerability impacting GitLab pull mirror functionality.
All maintainers who have access to pull mirrors in affected versions of GitLab are impacted by CVE-2021-22206.