vulnerability
Arch Linux: Information disclosure (CVE-2021-39919)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:L/Au:N/C:P/I:N/A:N) | Dec 13, 2021 | Jul 11, 2025 | Mar 25, 2026 |
Severity
2
CVSS
(AV:L/AC:L/Au:N/C:P/I:N/A:N)
Published
Dec 13, 2021
Added
Jul 11, 2025
Modified
Mar 25, 2026
Description
In all versions of GitLab before version 14.5.2, the reset password token and new user email token are accidentally logged which may lead to information disclosure.
Solution
arch-linux-upgrade-latest
References
- CVE-2021-39919
- https://attackerkb.com/topics/CVE-2021-39919
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2021-26275
- https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39919.json
- https://gitlab.com/gitlab-org/gitlab/-/issues/342445
- https://security.archlinux.org/ASA-202112-10
- CWE-640
- EUVD-EUVD-2021-26275
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.