CVE-2021-22236


CVSS 5.5 MEDIUM
EPSS 0.9%
Vexday Risk Score
13 Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.5 · EPSS 0.9% · KEV: no · PoC · Nuclei · Metasploit · Patch
Lifecycle
25 Aug 2021: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Affected products
GitLab · GitLab
