CVE-2021-22169: Information Exposure via Error Message in GitLab

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.2% (top 57.92%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 24
Latest update: May 24

Description

An issue was identified in GitLab EE 13.4 or later which leaked internal IP address via error messages.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (5 packages)

NVD: gitlab/gitlab 13.4.0 13.5.6 (+2)
CVEListV5: gitlab/gitlab >=13.4, <13.5.6, >=13.6.0, <13.6.4, >=13.7.0, <13.7.2 (+2)
debian: debian/gitlab
gitlab: gitlab/gitlab

🔴 Vulnerability Details (2)

GHSA: GHSA-42jq-pvpx-7m8x: An issue was identified in GitLab EE 13 (2022-05-24)
OSV: CVE-2021-22169: An issue was identified in GitLab EE 13 (2021-03-24)

📋 Vendor Advisories (2)

GitLab: CVE-2021-22169: An issue was identified in GitLab EE 13.4 or later which leaked internal IP address via error messages. (2021-03-24)
Debian: CVE-2021-22169: gitlab - An issue was identified in GitLab EE 13.4 or later which leaked internal IP addr... (2021)