CVE-2021-22190 — Path Traversal in Gitlab

CWE-22 — Path Traversal4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 43.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab

Timeline

PublishedApr 12

Description

A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶NVDgitlab/gitlab13.7.0 — 13.7.8+2

▶debiandebian/gitlab< gitlab 15.10.8+ds1-2 (sid)

▶CVEListV5gitlab/gitlab>=13.7, <13.7.8, >=13.8, <13.8.5, >=13.9, <13.9.2+2

▶gitlabgitlab/gitlab

🔴Vulnerability Details

OSV

CVE-2021-22190: A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token↗2021-04-12

▶

📋Vendor Advisories

GitLab

CVE-2021-22190: A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token↗2021-04-12

▶

Debian

CVE-2021-22190: gitlab - A path traversal vulnerability via the GitLab Workhorse in all versions of GitLa...↗2021

▶