API Security Blog

GitLab 7.10 < 13.10.5 / 13.11 < 13.11.5 / 13.12 < 13.12.2 (CVE-2021-22213)

The version of GitLab installed on the remote host is affected by the following vulnerability: a cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari (CVE-2021-22213).

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version…
