CVE-2021-39896

Published: Oct 4, 2021Modified: Nov 21, 2024

3.8

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Exploitability: 1.2 / Impact: 2.5

Source: NVD

Description

In all versions of GitLab CE/EE since version 8.0, when an admin uses the impersonate feature twice and stops impersonating, the admin may be logged in as the second user they impersonated, which may lead to repudiation issues.

Affected (6)

Products: Gitlab: Gitlab

Gitlab

1 product

Gitlab

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 14.2 to 14.2.5
Gitlab Gitlab	From 14.3 to 14.3.1
Gitlab Gitlab	From 8.0.0 to 14.1.7
Gitlab Gitlab	From 14.2 to 14.2.5
Gitlab Gitlab	From 14.3 to 14.3.1
Gitlab Gitlab	From 8.0.0 to 14.1.7

References (4)

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39896.json

Source: cve@gitlab.com

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/339362

Source: cve@gitlab.com

Broken Link

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39896.json

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/339362

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.