Site icon API Security Blog

GitLab 14.1 < 14.1.2 (CVE-2021-22236)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1. (CVE-2021-22236) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version…Read More

Exit mobile version