CVE-2021-39883

Improper authorization checks in all versions of GitLab EE starting from 13.11 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allow subgroup members to see epics from all parent subgroups.
Configurations

Configuration 1

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:14.3.0:*:*:*:enterprise:*:*:*

History

06 Oct 2022, 20:00

| Type | Values Removed | Values Added |
|---|---|---|
| CPE | | cpe:2.3:a:gitlab:gitlab:14.3.0:*:*:*:enterprise:*:*:* |

12 May 2022, 21:15

| Type | Values Removed | Values Added |
|---|---|---|
| Summary | Improper authorization checks in GitLab EE > 13.11 allow subgroup members to see epics from all parent subgroups. | Improper authorization checks in all versions of GitLab EE starting from 13.11 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allow subgroup members to see epics from all parent subgroups. |

03 May 2022, 16:04

| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-863 | NVD-CWE-Other |

12 Oct 2021, 13:59

| Type | Values Removed | Values Added |
|---|---|---|
| CVSS | v2 : unknown; v3 : unknown | v2 : 4.0; v3 : 4.3 |
| CPE | | cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* |
| CWE | | CWE-863 |
| References | (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/334279 - | (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/334279 - Broken Link |
| References | (CONFIRM) https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39883.json - | (CONFIRM) https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39883.json - Vendor Advisory |

04 Oct 2021, 17:24

| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |

Information

Published : 2021-10-04 17:15

Updated : 2023-12-10 14:09


NVD link : CVE-2021-39883

Mitre link : CVE-2021-39883

CVE.ORG link : CVE-2021-39883


Products Affected

gitlab

  • gitlab