PT-2021-22752 · GitLab · GitLab CE/EE (+1)
Rafiemon
Published: 2021-11-04 · Updated: 2024-03-06
CVE-2021-39905

| Metric | Value |
| --- | --- |
| CVSS v3.1 | 4.3 (Medium) |
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
GitLab CE/EE versions 8.9.6 and later
Description
An information disclosure issue in the GitLab CE/EE API allows a user to view basic information about private groups that a public project has been shared with.
Recommendations
For GitLab CE/EE versions 8.9.6 and later, update to a version that includes a fix for this issue.
As a temporary workaround, consider restricting access to the API endpoint that handles project sharing to minimize the risk of exploitation.
Affected Products
GitLab
GitLab CE/EE