PT-2021-14885 · Gitlab · Gitlab
Published: 2021-12-06 · Updated: 2024-03-06 · CVE-2021-22170
CVSS v3.1: 6.2 (Medium)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
GitLab versions 11.6 and later
Description:
An attacker who has already obtained the database contents through a database breach can decrypt some of the encrypted content stored in it. The cause is nonce reuse in the encryption of that content.
Recommendations:
For GitLab versions 11.6 and later, update to a version that includes a fix for the nonce reuse issue to prevent potential decryption of encrypted database content.
Exploit
Fix
Use of a Broken Cryptographic Algorithm
Weakness Enumeration
Related Identifiers
Affected Products
Gitlab