PT-2021-22727 · Gitlab · Gitlab Ce/Ee+1

Executor · Published 2021-10-05 · Updated 2024-03-06 · CVE-2021-39881

CVSS v2.0: 3.5 (Low)
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 7.7 and later
Description: The application may allow a malicious user to create an OAuth client application with arbitrary scope names, potentially tricking unsuspecting users into authorizing the malicious client application using the spoofed scope name and description.
Recommendations: For GitLab CE/EE versions 7.7 and later, consider restricting the ability to create OAuth client applications with arbitrary scope names until a patch is available. As a temporary workaround, monitor OAuth client application creations and authorization requests to detect potential malicious activity.

Related Identifiers

BIT-GITLAB-2021-39881
CVE-2021-39881

Affected Products

Gitlab
Gitlab Ce/Ee