Vulnerabilities > CVE-2021-39930 - Incorrect Authorization vulnerability in Gitlab

047910
CVSS 4.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
gitlab
CWE-863
NVD
Published: 2021-12-13
Updated: 2021-12-16

Summary

Missing authorization in GitLab EE versions between 12.4 and 14.3.6, between 14.4.0 and 14.4.4, and between 14.5.0 and 14.5.2 allowed an attacker to access a user's custom project and group templates

Vulnerable Configurations

Part Description Count
Application
Gitlab
437

Common Weakness Enumeration (CWE)

References