PT-2021-6600 · Gitlab · Gitlab Ce/Ee+1
Jimenoon
·
Published
2021-08-23
·
Updated
2024-03-06
·
CVE-2021-22249
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
GitLab EE versions 12.2 and later
Description
A verbose error message in GitLab EE could disclose the private email address of a user invited to a group. This issue affects all versions since 12.2 and allows a remote attacker to access confidential data.
Recommendations
For GitLab EE versions 12.2 and later, update to a version that includes a fix for this issue to prevent the disclosure of private email addresses. As a temporary workaround, consider restricting error message visibility to minimize the risk of exploitation.
Fix
Generation of Error Message Containing Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gitlab
Gitlab Ce/Ee