CVE-2021-39911

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-39911

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39911.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-39911

Aliases

BIT-gitlab-2021-39911

Related

UBUNTU-CVE-2021-39911

Published

2021-11-05T00:15:11Z

Modified

2024-11-21T06:20:32Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 exposes private email address of Issue and Merge Requests assignee to Webhook data consumers

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

a1a60e9f753f4e99f2b13b24028a6092a897cc06

Fixed

9ed95b96a6766af9336048a63a29b678f88a9413