CVE-2021-39886

medium

Description

Permissions rules were not applied while issues were moved between projects of the same group in GitLab versions starting with 10.6 and up to 14.1.7 allowing users to read confidential Epic references.

References

https://gitlab.com/gitlab-org/gitlab/-/issues/330520

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39886.json

Details

Source: Mitre, NVD

Published: 2021-10-05

Updated: 2021-10-09

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Severity: Medium