CVE-2021-39911
1.7
CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
Summary
An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 exposes private email address of Issue and Merge Requests assignee to Webhook data consumers
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| GitLab | GitLab | >=13.9, <14.2.6 | affected |
| GitLab | GitLab | >=14.3, <14.3.4 | affected |
| GitLab | GitLab | >=14.4, <14.4.1 | affected |
Weaknesses
- Exposure of private information ('privacy violation') in GitLab
ADP Enrichment
CVE Program Container
Additional References
- https://gitlab.com/gitlab-org/gitlab/-/issues/297470
- https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39911.json
References
- https://gitlab.com/gitlab-org/gitlab/-/issues/297470
- https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39911.json
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.