CVE-2021-39927

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-39927

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39927.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-39927

Aliases

BIT-gitlab-2021-39927

Related

UBUNTU-CVE-2021-39927

Published

2022-01-18T17:15:08Z

Modified

2025-04-02T03:38:46.640241Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.4, between 14.5.0 and 14.5.2, and between 14.6.0 and 14.6.1 would fail to protect against attacks sending requests to localhost on port 80 or 443 if GitLab was configured to run on a port other than 80 or 443

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

518f728f72b10d07e8d7362ab6ddca7844e919ec

Last affected

6360adc49dee6a35f101bcb67cdc685c15641679

Introduced

490a8efda84a04e31ac41b882d95bb717c202437

Last affected

c0551c59610dd489bcea25bbdabb752e0380e5bb

Introduced

5b5777b8cf3328d27ef549c31f70993da1d1b267

Last affected

f7475c863e83756c791917626d3a48bce8e3a975

Affected versions

v14.*

v14.5.0-ee

v14.5.1-ee

v14.5.2-ee

v14.5.3-ee

v14.6.0-ee

v14.6.1-ee

v14.6.2-ee

v14.6.3-ee