Main Vulnerability Database Vulnerabilities #VU57050

#VU57050 Insufficient Session Expiration in Gitlab Community Edition and GitLab Enterprise Edition - CVE-2021-39899

Published: October 5, 2021

Vulnerability identifier: #VU57050

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-39899

CWE-ID: CWE-613

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Gitlab Community Edition
GitLab Enterprise Edition

Software vendor:
GitLab, Inc

Description

The vulnerability allows a local attacker to gain access to sensitive information.

The vulnerability exists due to lack of account lockout on change password functionality. An attacker with physical access can brute force the user’s password.

Remediation

Install updates from vendor's website.

External links

https://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/

#VU57050 Insufficient Session Expiration in Gitlab Community Edition and GitLab Enterprise Edition - CVE-2021-39899

Description

Remediation

External links

Please verify you're human