2 matches found
GitLab 1.0 < 14.1.7 / 14.2 < 14.2.5 / 14.3 < 14.3.1 (CVE-2021-39899)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - In all versions of GitLab CE/EE, an attacker with physical access to a user's machine may brute force the user's password via the change password function. There is a rate limit in place, but the atta...
CVE-2021-39899
CVE-2021-39899 affects GitLab CE/EE (all versions). An attacker with physical access to a user’s machine can brute-force the user’s password via the change password function. There is a rate limit, but the attack may succeed by stealing the session_id from the compromised account and distributing...