CVE-2021-39886

Name
CVE-2021-39886
Description
Permissions rules were not applied while issues were moved between projects of the same group in GitLab versions starting with 10.6 and up to 14.1.7 allowing users to read confidential Epic references.
NVD Severity
medium

References

Type     URI
MISC     https://gitlab.com/gitlab-org/gitlab/-/issues/330520
CONFIRM  https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39886.json

Match rules

CPE URI                                          Source package  Min version  Max version
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*  gitlab          >= 10.6.0    < 14.1.7
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*  gitlab          >= 14.2.0    < 14.2.5
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*  gitlab          >= 14.3.0    < 14.3.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status