CVE-2021-39919 Information

Description

In all versions of GitLab CE/EE starting from 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, and all versions starting from 14.5 before 14.5.2, the reset password token and new user email token are accidentally logged, which may lead to information disclosure.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Reference

https://gitlab.com/gitlab-org/gitlab/-/issues/342445
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39919.json

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score

4.4

Base Severity

MEDIUM
