CVE-2021-39941
published 2021-12-13
Priority P4 · 26 · medium · 5.3 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 1.18% (63.9th percentile)
An information disclosure vulnerability in GitLab CE/EE versions 12.0 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed non-project members to see the default branch name for projects that restrict access to the repository to project members
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 15.10.8+ds1-2 (sid) | gitlab 15.10.8+ds1-2 (sid) |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 12.0.0 < 14.3.6 | 14.3.6 |
| gitlab | gitlab | >= 14.4.0 < 14.4.4 | 14.4.4 |
| gitlab | gitlab | >= 14.5.0 < 14.5.2 | 14.5.2 |
| gitlab | gitlab_ce | — | — |
CVSS provenance
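| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | — | 5.3 | MEDIUM | — |
| vendor_debian | — | 3.7 | LOW | — |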
GitLab
vendor_gitlab·2021-12-13·CVSS 3.7
CVE-2021-39941 [LOW] CWE-200
Debian
vendor_debian·2021·CVSS 3.7
CVE-2021-39941 [LOW]
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
GHSA
ghsa_unreviewed·2021-12-14
CVE-2021-39941 [MEDIUM] CWE-200 GHSA-9xv2-8g99-6925
OSV
osv·2021-12-13·CVSS 5.3
CVE-2021-39941 [MEDIUM]
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39941.json
https://gitlab.com/gitlab-org/gitlab/-/issues/33864
https://hackerone.com/reports/706361
Published: 2021-12-13