Vulnerabilities > CVE-2021-39881 - Unspecified vulnerability in Gitlab

047910
CVSS 3.5 - LOW
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
NONE
network
low complexity
gitlab
NVD
Published: 2021-10-05
Updated: 2021-10-09

Summary

In all versions of GitLab CE/EE since version 7.7, the application may let a malicious user create an OAuth client application with arbitrary scope names which may allow the malicious user to trick unsuspecting users to authorize the malicious client application using the spoofed scope name and description.

Vulnerable Configurations

Part Description Count
Application
Gitlab
1866

References