---

CVE-2021-22257 - log back

CVE-2021-22257 edited at 31 Aug 2021 18:52:47
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Information disclosure
Description	+ An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.2.2. The route for /user.keys is not restricted on instances with public visibility disabled. This allows user enumeration on such instances.
References	+ https://about.gitlab.com/releases/2021/08/31/security-release-gitlab-14-2-2-released/#user-enumeration-on-private-instances
Notes

CVE-2021-22257 created at 31 Aug 2021 18:50:20