CVE-2021-22170: 
GitLab vulnerability analysis and mitigation

CVE-2021-22170 is a cryptographic vulnerability affecting GitLab versions 11.6 and later. The vulnerability stems from nonce reuse issues in the encryption implementation, which could allow an attacker to decrypt encrypted database content in the event of a database breach (NVD).

The vulnerability exists in the Gitlab::CryptoHelper module, which uses AES-GCM encryption with static key and nonce values derived from Gitlab::Application.secrets.dbkeybase. The implementation has multiple issues: the key and IV (nonce) are related to each other, with the IV being a substring of the key, and both values are derived from a hexadecimal string, effectively making them half as long as intended. The CVSS v3.1 score is 7.5 (High) according to NVD assessment (GitLab Issue).

In the event of a database breach, the nonce reuse vulnerability allows attackers to recover the authentication key used within AES-GCM. By observing two different ciphertexts and their authentication tags, attackers can forge authentication tags for arbitrary ciphertexts. Additionally, if a plain/ciphertext pair is known (such as from a project's runners token), attackers can deduce the keystream and encrypt arbitrary values up to the length of the known pair (GitLab Issue).

The recommended mitigation involves storing a random IV along with the encrypted value and deriving the key from Gitlab::Application.secrets.dbkeybase using a secure key derivation function such as PBKDF2 (GitLab Issue).