CVE-2021-22227

Name of the Vulnerable Software and Affected Versions GitLab versions prior to 13.11.6 GitLab versions prior to 13.12.6 GitLab versions prior to 14.0.2

Description The issue is related to a reflected cross-site script vulnerability. It allows a remote attacker to compromise data integrity by sending a malicious link to a victim. If the victim clicks the link, the attacker can trigger actions on their behalf.

Recommendations For versions prior to 13.11.6, update to version 13.11.6 or later. For versions prior to 13.12.6, update to version 13.12.6 or later. For versions prior to 14.0.2, update to version 14.0.2 or later. As a temporary workaround, consider restricting access to potentially vulnerable API endpoints, such as /api/v1/login or /users/{id}, until a patch is available. Avoid using the username and password variables in affected API endpoints until the issue is resolved.