First published: Mon Dec 13 2021(Updated: )
In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, the reset password token and new user email token are accidentally logged which may lead to information disclosure.
Credit: cve@gitlab.com
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab GitLab | >=14.0.0<14.3.6 | |
GitLab GitLab | >=14.0.0<14.3.6 | |
GitLab GitLab | >=14.4.0<14.4.4 | |
GitLab GitLab | >=14.4.0<14.4.4 | |
GitLab GitLab | >=14.5.0<14.5.2 | |
GitLab GitLab | >=14.5.0<14.5.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.