ID CVE-2021-39889
Summary In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API call with the ID of the protected branch.
References
Vulnerable Configurations
  • cpe:2.3:a:gitlab:gitlab:14.1.0:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:gitlab:gitlab:14.1.1:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:gitlab:gitlab:14.1.2:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:gitlab:gitlab:14.1.3:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:gitlab:gitlab:14.1.4:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:gitlab:gitlab:14.1.5:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:gitlab:gitlab:14.1.6:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:gitlab:gitlab:14.3.0:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:gitlab:gitlab:14.2.0:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:gitlab:gitlab:14.2.1:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:gitlab:gitlab:14.2.2:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:gitlab:gitlab:14.2.3:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:gitlab:gitlab:14.2.4:*:*:*:enterprise:*:*:*
CVSS
Base: 4.0 (as of 03-05-2022 - 16:04)
Impact:
Exploitability:
CWE CWE-639
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: SINGLE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:N/A:N
Last major update 03-05-2022 - 16:04
Published 05-10-2021 - 14:15
Last modified 03-05-2022 - 16:04