Lucene search
GoogleOSV:CVE-2021-39899HistoryOct 04, 2021 - 5:15 p.m.
CVE-2021-39899
2021-10-0417:15:08
Google
osv.dev
2
In all versions of GitLab CE/EE, an attacker with physical access to a user’s machine may brute force the user’s password via the change password function. There is a rate limit in place, but the attack may still be conducted by stealing the session id from the physical compromise of the account and splitting the attack over several IP addresses and passing in the compromised session value from these various locations.
Related
cve
cve
CVE-2021-39899
2021-10-04 17:15:08
veracode
veracode
Improper Session Management
2023-08-06 19:57:11
debiancve
debiancve
CVE-2021-39899
2021-10-04 17:15:08
nessus
nessus
GitLab 1.0 < 14.1.7 / 14.2 < 14.2.5 / 14.3 < 14.3.1 (CVE-2021-39899)
2024-01-03 00:00:00
prion
prion
Default credentials
2021-10-04 17:15:00
nvd
nvd
CVE-2021-39899
2021-10-04 17:15:08
osv
osv
BIT-gitlab-2021-39899
2024-03-06 11:18:10
ubuntucve
ubuntucve
CVE-2021-39899
2021-10-04 00:00:00
cvelist
cvelist
CVE-2021-39899
2021-10-04 16:47:01