CVE-2021-39872 - In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows

CVE-2021-39872

Summary

In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration.

References

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39872.json
https://hackerone.com/reports/1285226
https://gitlab.com/gitlab-org/gitlab/-/issues/337954

Vulnerable Configurations

CVSS

Base:	None
Impact:
Exploitability:

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

05-10-2021 - 13:26

Published

05-10-2021 - 13:15

Last modified

05-10-2021 - 13:26