CVE-2021-39886
2.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
Summary
Permissions rules were not applied while issues were moved between projects of the same group in GitLab versions starting with 10.6 and up to 14.1.7 allowing users to read confidential Epic references.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| GitLab | GitLab | >=10.6, <14.1.7 | affected |
| GitLab | GitLab | >=14.2, <14.2.5 | affected |
| GitLab | GitLab | >=14.3, <14.3.1 | affected |
Weaknesses
- Improper access control in GitLab
ADP Enrichment
CVE Program Container
Additional References
- https://gitlab.com/gitlab-org/gitlab/-/issues/330520
- https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39886.json
References
- https://gitlab.com/gitlab-org/gitlab/-/issues/330520
- https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39886.json
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.