CVE-2021-39916

CVE-2021-39916

Name

CVE-2021-39916

Description

Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status Check in GitLab EE starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
CONFIRM	https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39916.json
MISC	https://gitlab.com/gitlab-org/gitlab/-/issues/343379
MISC	https://hackerone.com/reports/1372216

Type

URI

CONFIRM

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39916.json

MISC

https://gitlab.com/gitlab-org/gitlab/-/issues/343379

MISC

https://hackerone.com/reports/1372216

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:gitlab:gitlab:::::community:::*`	gitlab	>= 14.1.0	< 14.3.6
`cpe:2.3:a:gitlab:gitlab:::::community:::*`	gitlab	>= 14.4.0	< 14.4.4
`cpe:2.3:a:gitlab:gitlab:::::community:::*`	gitlab	>= 14.5.0	< 14.5.2

CPE URI

Source package

Min version

Max version

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

gitlab

>= 14.1.0

< 14.3.6

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

gitlab

>= 14.4.0

< 14.4.4

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

gitlab

>= 14.5.0

< 14.5.2

References

Match rules

Vulnerable and fixed packages