#VU57051 Permissions, Privileges, and Access Controls in Gitlab Community Edition and GitLab Enterprise Edition - CVE-2021-39886
Published: October 5, 2021
Vulnerability identifier: #VU57051
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-39886
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Gitlab Community Edition
GitLab Enterprise Edition
Gitlab Community Edition
GitLab Enterprise Edition
Software vendor:
GitLab, Inc
GitLab, Inc
Description
The vulnerability allows a remote attacker to gain access to sensitive information on the system.
The vulnerability exists due to the permissions rules were not applied while issues were moved between projects of the same group. A remote authenticated attacker can read confidential Epic references.
Remediation
Install updates from vendor's website.