GitLabCVELIST:CVE-2021-39927CVE-2021-39927
3.5 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
5.1 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
22.7%
Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.4, between 14.5.0 and 14.5.2, and between 14.6.0 and 14.6.1 would fail to protect against attacks sending requests to localhost on port 80 or 443 if GitLab was configured to run on a port other than 80 or 443
CNA Affected
[
{
"product": "GitLab",
"vendor": "GitLab",
"versions": [
{
"status": "affected",
"version": ">=8.4, <14.4.5"
},
{
"status": "affected",
"version": ">=14.5, <14.5.3"
},
{
"status": "affected",
"version": ">=14.6, <14.6.2"
}
]
}
]Related
3.5 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
5.1 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
22.7%