CVE-2021-39913

Published: Nov 5, 2021Modified: Jun 12, 2026

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker with local file system access to obtain system root-level privileges

Affected (4)

Products: Gitlab: Gitlab

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	Before 14.2.6
Gitlab Gitlab	From 14.3.0 to 14.3.4
Gitlab Gitlab	Before 14.2.6
Gitlab Gitlab	From 14.3.0 to 14.3.4

Related CWEs

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (4)

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39913.json

Source: cve@gitlab.com

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/28074

Source: cve@gitlab.com

Broken LinkIssue TrackingVendor Advisory

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39913.json

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/28074

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkIssue TrackingVendor Advisory

Timeline

No history available yet.