CVE-2021-39911

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-39911
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39911.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-39911
Aliases
Related
Published
2021-11-05T00:15:11Z
Modified
2024-11-21T06:20:32Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 exposes private email address of Issue and Merge Requests assignee to Webhook data consumers

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events