CVE-2021-39919

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-39919
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39919.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-39919
Aliases
Downstream
Published
2021-12-13T16:15:09.027Z
Modified
2026-04-10T04:37:34.371461Z
Severity
  • 4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, the reset password token and new user email token are accidentally logged which may lead to information disclosure.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
0034acfc891b0cbc2ecc4aa4c5ca0d1f89e3c32f
Fixed
057790c613dea428aa523357c333ced5433794ee
Introduced
0034acfc891b0cbc2ecc4aa4c5ca0d1f89e3c32f
Fixed
057790c613dea428aa523357c333ced5433794ee
Introduced
19c719febd74b6edf549bf6a2c0e36bf8f176d56
Fixed
a1175384df48e74899d664520601823016d81084
Introduced
19c719febd74b6edf549bf6a2c0e36bf8f176d56
Fixed
a1175384df48e74899d664520601823016d81084
Introduced
490a8efda84a04e31ac41b882d95bb717c202437
Fixed
4511944420f00a68d5df2b3d81e5dae7fa2888f3
Introduced
490a8efda84a04e31ac41b882d95bb717c202437
Fixed
4511944420f00a68d5df2b3d81e5dae7fa2888f3
Database specific 
{
    "versions": [
        {
            "introduced": "14.0.0"
        },
        {
            "fixed": "14.3.6"
        },
        {
            "introduced": "14.0.0"
        },
        {
            "fixed": "14.3.6"
        },
        {
            "introduced": "14.4.0"
        },
        {
            "fixed": "14.4.4"
        },
        {
            "introduced": "14.4.0"
        },
        {
            "fixed": "14.4.4"
        },
        {
            "introduced": "14.5.0"
        },
        {
            "fixed": "14.5.2"
        },
        {
            "introduced": "14.5.0"
        },
        {
            "fixed": "14.5.2"
        }
    ]
}

Affected versions

v14.*
v14.4.0-ee
v14.4.2-ee
v14.4.3-ee
v14.5.0-ee
v14.5.1-ee

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39919.json"