China National Vulnerability Database: CNVD-2021-91187
History: Nov 01, 2021 - 12:00 a.m.

GitLab Access Control Error Vulnerability (CNVD-2021-91187)

2021-11-01 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
gitlab
access control
vulnerability
self-hosted
ruby on rails
project repository
improper access
email addresses
webhook data

EPSS: 0.001
Percentile: 22.7%

GitLab is a self-hosted Git (version control system) project repository application developed by GitLab, Inc. using Ruby on Rails. The application can be used to access a project's file content, commit history, bug list, etc. An access control error vulnerability exists in GitLab CE/EE. It stems from an improper access control flaw that exposes the private email addresses of issue and merge request transferees to Webhook data consumers. No further details of the vulnerability are currently available.
