CVE-2021-22213 - log back

CVE-2021-22213 edited at 08 Jun 2021 16:59:57
Description
- A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari.
+ A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 before 13.12.2 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari.
References
https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/
https://gitlab.com/gitlab-org/gitlab/-/issues/300308
https://hackerone.com/reports/1089277
CVE-2021-22213 edited at 08 Jun 2021 16:55:44
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari.
References
+ https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/
+ https://gitlab.com/gitlab-org/gitlab/-/issues/300308
+ https://hackerone.com/reports/1089277
CVE-2021-22213 created at 08 Jun 2021 16:32:39
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes