Vulnerability Description
Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1.
CVSS Score
5.5
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gitlab | Gitlab | >= 14.1.0, < 14.1.2 |
Related Weaknesses (CWE)
References
- https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22236.jsonVendor Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/334925Broken Link
- https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22236.jsonVendor Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/334925Broken Link
FAQ
What is CVE-2021-22236?
CVE-2021-22236 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1.
How severe is CVE-2021-22236?
CVE-2021-22236 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-22236?
Check the references section above for vendor advisories and patch information. Affected products include: Gitlab Gitlab.