6.7 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
38.9%
In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration.
gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39872.json
gitlab.com/gitlab-org/gitlab/-/issues/337954
hackerone.com/reports/1285226