CVE-2021-39945

Summary

Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an author of a Merge Request to approve the Merge Request even after having their project access revoked

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=14.5, <14.5.2affected
GitLabGitLab>=14.4, <14.4.4affected
GitLabGitLab>=9.4, <14.3.6affected

Weaknesses

  • Improper access control in GitLab

ADP Enrichment

CVE Program Container

Additional References

References