CVE-2021-39911 — LOW (1.7) — White Hats Nepal

Q: How severe is CVE-2021-39911?

CVE-2021-39911 has been rated LOW with a CVSS base score of 1.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-39911?

Check the references section above for vendor advisories and patch information. Affected products include: Gitlab Gitlab.

Vulnerability Description

An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 exposes private email address of Issue and Merge Requests assignee to Webhook data consumers

CVSS Score

1.7

LOW

CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Gitlab	Gitlab	>= 13.9.0, < 14.2.6

References

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39911.jsonVendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/297470Broken Link
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39911.jsonVendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/297470Broken Link

FAQ

What is CVE-2021-39911?

CVE-2021-39911 is a vulnerability with a CVSS score of 1.7 (LOW). An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 expos...

How severe is CVE-2021-39911?

CVE-2021-39911 has been rated LOW with a CVSS base score of 1.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-39911?

Check the references section above for vendor advisories and patch information. Affected products include: Gitlab Gitlab.