CVE-2021-39879 - Missing authentication in all versions of GitLab CE/EE since version 7.11.0 allows an attacker with

CVE-2021-39879

Summary

Missing authentication in all versions of GitLab CE/EE since version 7.11.0 allows an attacker with access to a victim's session to disable two-factor authentication

References

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39879.json
https://gitlab.com/gitlab-org/gitlab/-/issues/338825

Vulnerable Configurations

CVSS

Base:	None
Impact:
Exploitability:

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

04-10-2021 - 17:24

Published

04-10-2021 - 17:15

Last modified

04-10-2021 - 17:24