CVE-2021-39919

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-39919

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39919.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-39919

Aliases

BIT-gitlab-2021-39919

Downstream

UBUNTU-CVE-2021-39919

Published

2021-12-13T16:15:09.027Z

Modified

2026-02-13T02:56:45.603728Z

Severity

4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, the reset password token and new user email token are accidentally logged which may lead to information disclosure.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

0034acfc891b0cbc2ecc4aa4c5ca0d1f89e3c32f

Fixed

057790c613dea428aa523357c333ced5433794ee

Introduced

19c719febd74b6edf549bf6a2c0e36bf8f176d56

Fixed

a1175384df48e74899d664520601823016d81084

Introduced

490a8efda84a04e31ac41b882d95bb717c202437

Fixed

4511944420f00a68d5df2b3d81e5dae7fa2888f3

Affected versions

v14.*

v14.4.0-ee

v14.4.1-ee

v14.4.2-ee

v14.4.3-ee

v14.5.0-ee

v14.5.1-ee

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39919.json"