CVE-2021-39896 - In all versions of GitLab CE/EE since version 8.0, when an admin uses the impersonate feature twice

CVE-2021-39896

Summary

In all versions of GitLab CE/EE since version 8.0, when an admin uses the impersonate feature twice and stops impersonating, the admin may be logged in as the second user they impersonated, which may lead to repudiation issues.

References

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39896.json
https://gitlab.com/gitlab-org/gitlab/-/issues/339362

Vulnerable Configurations

CVSS

Base:	None
Impact:
Exploitability:

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

04-10-2021 - 17:24

Published

04-10-2021 - 17:15

Last modified

04-10-2021 - 17:24