CVE-2021-39930

Summary

Missing authorization in GitLab EE versions between 12.4 and 14.3.6, between 14.4.0 and 14.4.4, and between 14.5.0 and 14.5.2 allowed an attacker to access a user's custom project and group templates

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=12.4, <14.3.6affected
GitLabGitLab>=14.4, <14.4.4affected
GitLabGitLab>=14.5, <14.5.2affected

Weaknesses

  • Direct request ('forced browsing') in GitLab

ADP Enrichment

CVE Program Container

Additional References

References