PT-2021-6756 · Gitlab · Gitlab Ce/Ee+1
Published: 2021-08-25 · Updated: 2024-03-06 · CVE-2021-22236
| Metric | Value |
| --- | --- |
| CVSS v2.0 | 9.0 (High) |
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
GitLab CE/EE versions 14.1 and later
Description
The issue stems from improper handling of OAuth client IDs, which causes new subscriptions to generate OAuth tokens for the wrong OAuth client application. A remote attacker can use this to access confidential data, compromise its integrity, and cause a denial of service.
Recommendations
For GitLab CE/EE versions 14.1 and later, update to a version that includes the fix for this issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Incorrect Authorization
Related Identifiers
Affected Products
Gitlab
Gitlab Ce/Ee