CVE-2021-39941

Published: Dec 13, 2021Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

An information disclosure vulnerability in GitLab CE/EE versions 12.0 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed non-project members to see the default branch name for projects that restrict access to the repository to project members

Affected (6)

Products: Gitlab: Gitlab

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 12.0.0 to 14.3.6
Gitlab Gitlab	From 14.4.0 to 14.4.4
Gitlab Gitlab	From 14.5.0 to 14.5.2
Gitlab Gitlab	From 12.0.0 to 14.3.6
Gitlab Gitlab	From 14.4.0 to 14.4.4
Gitlab Gitlab	From 14.5.0 to 14.5.2

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39941.json

Source: cve@gitlab.com

Third Party Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/33864

Source: cve@gitlab.com

Broken Link

https://hackerone.com/reports/706361

Source: cve@gitlab.com

Permissions RequiredThird Party Advisory

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39941.json

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/33864

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://hackerone.com/reports/706361

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

Timeline

No history available yet.