CVE-2021-22257

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-22257
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22257.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-22257
Aliases
Published
2021-10-05T14:15:07Z
Modified
2024-06-06T13:56:52.042313Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. The route for /user.keys is not restricted on instances with public visibility disabled. This allows user enumeration on such instances.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events

Affected versions

v14.*

v14.0.0-ee
v14.0.1-ee
v14.0.2-ee
v14.0.3-ee
v14.0.4-ee
v14.0.5-ee
v14.0.6-ee
v14.0.7-ee
v14.0.8-ee