---

CVE-2021-22167 - log back

CVE-2021-22167 edited at 14 Jan 2021 08:33:44
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Information disclosure
Description	+ An issue has been discovered in GitLab affecting all versions starting from 12.1. Incorrect headers within a specific project page allow attackers to have temporary read access to a public repository with project features restricted only to members. The issue is mitigated in GitLab version 13.7.2, 13.6.4, and 13.5.6.
References	+ https://about.gitlab.com/releases/2021/01/07/security-release-gitlab-13-7-2-released/#unauthorized-user-is-able-to-access-private-repository-information-under-specific-conditions
Notes

CVE-2021-22167 created at 14 Jan 2021 08:31:44