Skip to main content

Cleartext Storage of Sensitive Information

CVE-2021-22206

Severity Medium
Score 4.9/10

Summary

An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed that allows other maintainers to be able to view the credentials in plain-text,

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • HIGH
  • HIGH
  • NONE

CWE-312 - Cleartext Storage of Sensitive Information

The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References

Advisory Timeline

  • Published