PT-2021-22783 · Gitlab · Gitlab Ce/Ee+1

Muthu_Prakash · Published 2021-12-13 · Updated 2024-03-06 · CVE-2021-39945

CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
GitLab CE/EE versions 9.4 through 14.3.5
GitLab CE/EE versions 14.4 through 14.4.3
GitLab CE/EE versions 14.5 through 14.5.1

Description
The issue is improper access control in the GitLab CE/EE API: the author of a Merge Request can still approve that Merge Request after their project access has been revoked.

Recommendations
For versions 9.4 through 14.3.5, update to version 14.3.6 or later.
For versions 14.4 through 14.4.3, update to version 14.4.4 or later.
For versions 14.5 through 14.5.1, update to version 14.5.2 or later.

Fix

Weakness Enumeration
Incorrect Authorization

Related Identifiers

BIT-GITLAB-2021-39945
CVE-2021-39945

Affected Products

Gitlab
Gitlab Ce/Ee