### [CVE-2021-22206](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22206)
![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3E%3D11.6%2C%20%3C13.9.7%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=%3E%3D13.10.0%2C%20%3C13.10.4%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=%3E%3D13.11.0%2C%20%3C13.11.2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Cleartext%20storage%20of%20sensitive%20information%20in%20memory%20in%20GitLab&color=brightgreen)

### Description

An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed that allows other maintainers to be able to view the credentials in plain-text,

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/dannymas/CVE-2021-22206
- https://github.com/k0mi-tg/CVE-POC
- https://github.com/manas3c/CVE-POC
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/whoforget/CVE-POC
- https://github.com/youwizard/CVE-POC