CVE-2021-22236 log
| Source |
|
| Severity | Medium |
| Remote | Yes |
| Type | Incorrect calculation |
| Description | Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1 before version 14.1.2. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2251 | gitlab | 14.1.1-1 | 14.1.2-1 | High | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 10 Aug 2021 | ASA-202108-7 | AVG-2251 | gitlab | High | multiple issues |
| References |
|---|
https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/#new-subscriptions-generate-oauth-tokens-on-an-incorrect-oauth-client-application |