CVE-2021-39919 - log

CVE-2021-39919 edited at 07 Dec 2021 20:19:22
Description
- In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, the reset password token and new user email token are accidentally logged which may lead to information disclosure.
+ In all versions of GitLab before version 14.5.2, the reset password token and new user email token are accidentally logged which may lead to information disclosure.
Notes
CVE-2021-39919 edited at 07 Dec 2021 09:30:54
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Information disclosure
Description
+ In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, the reset password token and new user email token are accidentally logged which may lead to information disclosure.
References
+ https://about.gitlab.com/releases/2021/12/06/security-release-gitlab-14-5-2-released/
CVE-2021-39919 created at 07 Dec 2021 09:25:21