CVE-2021-39872

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-39872
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39872.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-39872
Aliases
Related
Published
2021-10-05T13:15:08Z
Modified
2025-03-01T02:17:48.270651Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events

Affected versions

v14.*

v14.1.0-ee
v14.1.1-ee
v14.1.2-ee
v14.1.3-ee
v14.1.4-ee
v14.1.5-ee
v14.1.6-ee