CVE-2021-39890

Summary

It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=14.3, <14.3.1affected
GitLabGitLab>=14.2, <14.2.5affected
GitLabGitLab>=14.1.1, <14.1.7affected

Weaknesses

  • Authentication bypass by primary weakness in GitLab

ADP Enrichment

CVE Program Container

Additional References

References