CVE Vulnerabilities

CVE-2021-39883

Published: Oct 04, 2021 | Modified: Oct 06, 2022
CVSS 3.x
4.3
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

Improper authorization checks in all versions of GitLab EE starting from 13.11 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows subgroup members to see epics from all parent subgroups.

Affected Software

Name Vendor Start Version End Version
Gitlab Gitlab 13.11.0 (including) 14.1.7 (excluding)
Gitlab Gitlab 14.2.0 (including) 14.2.5 (excluding)
Gitlab Gitlab 14.3.0 (including) 14.3.0 (including)
Gitlab Ubuntu esm-apps/xenial *
Gitlab Ubuntu xenial *

References