CVE-2021-39873 - In all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leverage

CVE-2021-39873

Summary

In all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leveraged by attackers to trick users into visiting a malicious website by spoofing the content in an error response.

References

https://hackerone.com/reports/504961
https://gitlab.com/gitlab-org/gitlab/-/issues/27241
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39873.json

Vulnerable Configurations

CVSS

Base:	None
Impact:
Exploitability:

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

04-10-2021 - 17:24

Published

04-10-2021 - 17:15

Last modified

04-10-2021 - 17:24