OAuth Access Token Leakage Vulnerability in GitLab CE/EE Versions 7.10 and Above

CVE-2021-22213 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari.
