PT-2021-22729 · Gitlab · Gitlab Ce/Ee+1
Published
2021-10-04
·
Updated
2024-03-06
·
CVE-2021-39883
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
GitLab EE versions 13.11 through 14.1.7
GitLab EE versions 14.2 through 14.2.5
GitLab EE versions 14.3 through 14.3.1
Description:
The issue is related to improper authorization checks, allowing subgroup members to see epics from all parent subgroups. This affects all versions of GitLab EE starting from 13.11 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1.
Recommendations:
For GitLab EE versions 13.11 through 14.1.7, update to version 14.1.7 or later.
For GitLab EE versions 14.2 through 14.2.5, update to version 14.2.5 or later.
For GitLab EE versions 14.3 through 14.3.1, update to version 14.3.1 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Gitlab
Gitlab Ce/Ee