← Back

CVE-2021-39892

nvd nist
Published: Jan 18, 2022Modified: Nov 21, 2024

JSON object

Loading...
4.3
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 / Impact: 1.4
Source: NVD

Description

In all versions of GitLab CE/EE since version 12.0, a lower privileged user can import users from projects that they don't have a maintainer role on and disclose email addresses of those users.

Affected (6)

Products: Gitlab: Gitlab
Gitlab
1 product
Gitlab
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Gitlab
Gitlab
From 12.0 to 14.1.7
Gitlab
From 14.2 to 14.2.5
Gitlab
From 12.0 to 14.1.7
Gitlab
From 14.2 to 14.2.5
Gitlab
Version 14.3.0
Gitlab
Version 14.3.0

References (6)

Source: cve@gitlab.com
Vendor Advisory
Source: cve@gitlab.com
ExploitVendor Advisory
Source: cve@gitlab.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.