CVE-2021-39886
Published 2021-10-05
Priority P4 · 20 · medium · 4.3 · CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS
0.55%
41.7th percentile
Permissions rules were not applied while issues were moved between projects of the same group in GitLab versions starting with 10.6 and up to 14.1.7 allowing users to read confidential Epic references.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 15.10.8+ds1-2 (sid) | gitlab 15.10.8+ds1-2 (sid) |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 10.6.0 < 14.1.7 | 14.1.7 |
| gitlab | gitlab | >= 14.2.0 < 14.2.5 | 14.2.5 |
| gitlab | gitlab | >= 14.3.0 < 14.3.1 | 14.3.1 |
CVSS provenance
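| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| osv | — | 4.3 | MEDIUM | — |
| vendor_debian | — | 2.6 | LOW | — |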
GitLab
vendor_gitlab·2021-10-05·CVSS 2.6
CVE-2021-39886 [LOW] CWE-276
Debian
vendor_debian·2021·CVSS 2.6
CVE-2021-39886 [LOW]
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
GHSA
ghsa_unreviewed·2022-05-24
CVE-2021-39886 [MEDIUM] CWE-276 GHSA-cxfj-qcv7-fx7w
OSV
osv·2021-10-05·CVSS 4.3
CVE-2021-39886 [MEDIUM]
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.