Multiple vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE)
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 31 |
| CVE-ID | CVE-2021-39885 CVE-2021-39877 CVE-2021-39887 CVE-2021-39867 CVE-2021-39869 CVE-2021-39872 CVE-2021-39891 CVE-2021-39878 CVE-2021-39894 CVE-2021-39866 CVE-2021-39882 CVE-2021-39893 CVE-2021-39875 CVE-2021-39870 CVE-2021-39884 CVE-2021-39888 CVE-2021-39883 CVE-2021-39889 CVE-2021-39900 CVE-2021-39879 CVE-2021-39886 CVE-2021-39899 CVE-2021-39890 CVE-2021-39881 CVE-2021-39896 CVE-2021-39873 CVE-2021-39874 CVE-2021-39871 CVE-2021-39868 CVE-2021-22259 CVE-2021-39892 |
| CWE-ID | CWE-79 CWE-400 CWE-918 CWE-200 CWE-284 CWE-840 CWE-20 CWE-254 CWE-285 CWE-287 CWE-264 CWE-613 CWE-451 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
GitLab Enterprise Edition Universal components / Libraries / Software for developers Gitlab Community Edition Universal components / Libraries / Software for developers |
| Vendor | GitLab, Inc |
Security Bulletin
This security bulletin contains information about 31 vulnerabilities.
Updated 05.10.2021
Added vulnerabilities #19-31
1) Stored cross-site scripting
EUVDB-ID: #VU57010
Risk: Low
CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39885
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in merge request creation page. A remote authenticated attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitLab Enterprise Edition: 13.5.0 - 14.3.0
External linkshttp://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Resource exhaustion
EUVDB-ID: #VU57011
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39877
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources in Markdown parser. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 12.2.0 - 14.3.0
GitLab Enterprise Edition: 12.2.0 - 14.3.0
External linkshttp://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Stored cross-site scripting
EUVDB-ID: #VU57012
Risk: Low
CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39887
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the GitLab Flavored Markdown. A remote authenticated attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 8.4 - 14.3.0
GitLab Enterprise Edition: 8.4.0 - 14.3.0
External linkshttp://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Server-Side Request Forgery (SSRF)
EUVDB-ID: #VU57013
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39867
CWE-ID:
CWE-918 - Server-Side Request Forgery (SSRF)
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to DNS Rebinding issue in Gitea importer. A remote authenticated attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 8.15 - 14.3.0
GitLab Enterprise Edition: 8.15.0 - 14.3.0
External linkshttp://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Information disclosure
EUVDB-ID: #VU57014
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39869
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 8.9 - 14.3.0
GitLab Enterprise Edition: 8.9.0 - 14.3.0
External linkshttp://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper access control
EUVDB-ID: #VU57015
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39872
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote authenticated attacker with expired password can still access GitLab through git and API through access tokens acquired before password expiration.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 14.1.0 - 14.3.0
GitLab Enterprise Edition: 14.1.0 - 14.3.0
External linkshttp://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Information disclosure
EUVDB-ID: #VU57016
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39891
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to access tokens created as part of admin's impersonation of a user are not cleared at the end of impersonation. A remote administrator can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 8.0 - 14.3.0
GitLab Enterprise Edition: 8.0.0 - 14.3.0
External linkshttp://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Cross-site scripting
EUVDB-ID: #VU57017
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39878
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the Jira integration. A remote authenticated attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 13.0.0 - 14.3.0
GitLab Enterprise Edition: 13.0.0 - 14.3.0
External linkshttp://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Server-Side Request Forgery (SSRF)
EUVDB-ID: #VU57018
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39894
CWE-ID:
CWE-918 - Server-Side Request Forgery (SSRF)
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to the DNS Rebinding issue in Fogbugz importer. A remote authenticated attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 8.0 - 14.3.0
GitLab Enterprise Edition: 8.0.0 - 14.3.0
External linkshttp://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Business Logic Errors
EUVDB-ID: #VU57019
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39866
CWE-ID:
CWE-840 - Business Logic Errors (3.0)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to a business logic error in the project deletion process. A remote authenticated attacker can use persistent access via project access tokens.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 13.6.0 - 14.3.0
GitLab Enterprise Edition: 13.6.0 - 14.3.0
External linkshttp://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Information disclosure
EUVDB-ID: #VU57020
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39882
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 0.1.5 - 14.3.0
GitLab Enterprise Edition: 6.2.0 - 14.3.0
External linkshttp://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Input validation error
EUVDB-ID: #VU57021
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39893
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 9.1 - 14.3.0
GitLab Enterprise Edition: 10.0.0 - 14.3.0
External linkshttp://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Information disclosure
EUVDB-ID: #VU57022
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39875
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can see pending invitations of any public group or public project by visiting an API endpoint.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 13.6.0 - 14.3.0
GitLab Enterprise Edition: 13.6.0 - 14.3.0
External linkshttp://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Security features bypass
EUVDB-ID: #VU57023
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39870
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security features on the system.
The vulnerability exists due to a security features bypass in an instance that has the setting to disable Repo by URL import enabled. A remote authenticated attacer can make a crafted API call.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 11.11.0 - 14.3.0
GitLab Enterprise Edition: 11.11.0 - 14.3.0
External linkshttp://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Information disclosure
EUVDB-ID: #VU57024
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39884
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote authenticated attacker can see names of the private groups shared in projects.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 8.13 - 14.3.0
GitLab Enterprise Edition: 8.13.0 - 14.3.0
External linkshttp://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Information disclosure
EUVDB-ID: #VU57026
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39888
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a specific API endpoint may reveal details about a private group and other sensitive info inside issue and merge request templates. A remote authenticated attacker can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitLab Enterprise Edition: 13.10.0 - 14.3.0
External linkshttp://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Improper Authorization
EUVDB-ID: #VU57027
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39883
CWE-ID:
CWE-285 - Improper Authorization
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authorization checks.
The vulnerability exists due to improper authorization. A remote authenticated attacker can bypass authentication process and see epics from all parent subgroups.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitLab Enterprise Edition: 13.11.0 - 14.3.0
External linkshttp://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Information disclosure
EUVDB-ID: #VU57028
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39889
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an insecure direct object reference (IDOR) issue. A remote authenticated attacker can make a specially crafted API call with the ID of the protected branch and disclose the protected branch name.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitLab Enterprise Edition: 14.1.0 - 14.3.0
External linkshttp://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Information disclosure
EUVDB-ID: #VU57053
Risk: Low
CVSSv3.1: 1.8 [CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39900
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in SendEntry. A remote administrator can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 10.8 - 14.3.0
GitLab Enterprise Edition: 10.8.0 - 14.3.0
External linkshttp://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Improper Authentication
EUVDB-ID: #VU57052
Risk: Low
CVSSv3.1: 2 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39879
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass authentication process.
The vulnerability exists due to an error in when processing authentication requests. A local user can disable two-factor authentication.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 7.11 - 14.3.0
GitLab Enterprise Edition: 7.11.0 - 14.3.0
External linkshttp://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU57051
Risk: Low
CVSSv3.1: 2.3 [CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39886
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information on the system.
The vulnerability exists due to the permissions rules were not applied while issues were moved between projects of the same group. A remote authenticated attacker can read confidential Epic references.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 10.6 - 14.1.6
GitLab Enterprise Edition: 10.6.0 - 14.1.6
External linkshttp://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Insufficient Session Expiration
EUVDB-ID: #VU57050
Risk: Low
CVSSv3.1: 2.6 [CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39899
CWE-ID:
CWE-613 - Insufficient Session Expiration
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain access to sensitive information.
The vulnerability exists due to lack of account lockout on change password functionality. An attacker with physical access can brute force the user’s password.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 0.1.5 - 14.3.0
GitLab Enterprise Edition: 6.2.0 - 14.3.0
External linkshttp://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Security features bypass
EUVDB-ID: #VU57049
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39890
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to security features bypass issue. A remote authenticated attacker can bypass 2FA and access some specific pages with Basic Authentication.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 14.1.1 - 14.3.0
GitLab Enterprise Edition: 14.1.1 - 14.3.0
External linkshttp://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Security features bypass
EUVDB-ID: #VU57048
Risk: Low
CVSSv3.1: 3.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39881
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the application may let a malicious user create an OAuth client application with arbitrary scope names. A remote authenticated attacker can trick a victim to authorize the malicious client application using the spoofed scope name and description.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 7.7 - 14.3.0
GitLab Enterprise Edition: 7.7.0 - 14.3.0
External linkshttp://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Insufficient Session Expiration
EUVDB-ID: #VU57047
Risk: Low
CVSSv3.1: 3.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39896
CWE-ID:
CWE-613 - Insufficient Session Expiration
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exists due to improper session management in impersonation feature. A remote administrator can use the impersonate feature twice and stops impersonating, the admin may be logged in as the second user they impersonated, which may lead to repudiation issues.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 8.0 - 14.3.0
GitLab Enterprise Edition: 8.0.0 - 14.3.0
External linkshttp://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Spoofing attack
EUVDB-ID: #VU57046
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39873
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can spoof page content.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 0.1.5 - 14.3.0
GitLab Enterprise Edition: 6.2.0 - 14.3.0
External linkshttp://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Security features bypass
EUVDB-ID: #VU57045
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39874
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to compromise the target system.
The vulnerability exists due to the requirement to enforce 2FA is not honored when using git commands.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 11.0 - 14.3.0
GitLab Enterprise Edition: 11.0.0 - 14.3.0
External linkshttp://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Security features bypass
EUVDB-ID: #VU57044
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39871
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security features on the system.
The vulnerability exists due to a security features bypass in an instance that has the setting to disable Bitbucket Server import enabled. A remote authenticated attacer can make a crafted API call.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 13.0.0 - 14.3.0
GitLab Enterprise Edition: 13.0.0 - 14.3.0
External linkshttp://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Improper access control
EUVDB-ID: #VU57043
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39868
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote authenticated attacker can create a project with unlimited repository size by modifying values in a project export.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 8.12 - 14.3.0
GitLab Enterprise Edition: 8.12.0 - 14.3.0
External linkshttp://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Input validation error
EUVDB-ID: #VU57042
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-22259
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to lack of pagination in dependencies API. A remote authenticated attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitLab Enterprise Edition: 12.6.0 - 14.3.0
External linkshttp://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Information disclosure
EUVDB-ID: #VU57041
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39892
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote authenticated attacker can can import users from projects that they are not a maintainer on and disclose email addresses of those users.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 12.0.0 - 14.3.0
GitLab Enterprise Edition: 12.0.0 - 14.3.0
External linkshttp://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
