CVE-2021-39943

Summary

An authorization logic error in the External Status Check API in GitLab EE affecting all versions starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allowed a user to update the status of the check via an API call

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=14.5.0, <14.5.2affected
GitLabGitLab>=14.4.0, <14.4.4affected
GitLabGitLab>=14.1.0, <14.3.6affected

Weaknesses

  • Improper access control in GitLab

ADP Enrichment

CVE Program Container

Additional References

References