{"vulnerability": "CVE-2021-3991", "sightings": [{"uuid": "3882657c-ce44-4e60-b04c-30118dc890c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3991", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113486715782587012", "content": "", "creation_timestamp": "2024-11-15T11:24:17.998123Z"}, {"uuid": "aa6c0b1c-fd13-4dee-9d00-b74637d32405", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3991", "type": "seen", "source": "https://t.me/cvedetector/11066", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2021-3991 - Dolibarr Unauthorized Access Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2021-3991 \nPublished : Nov. 15, 2024, 11:15 a.m. | 36\u00a0minutes ago \nDescription : An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-15T13:15:43.000000Z"}, {"uuid": "5396d025-0457-4402-9095-9991d1af5725", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39910", "type": "seen", "source": "https://t.me/arpsyndicate/1837", "content": "#ExploitObserverAlert\n\nCVE-2021-39910\n\nDESCRIPTION: Exploit Observer has 3 entries related to CVE-2021-39910. An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab was vulnerable to HTML Injection through the Swagger UI feature.\n\nFIRST-EPSS: 0.000890000\nNVD-IS: 1.4\nNVD-ES: 2.8", "creation_timestamp": "2023-12-16T15:56:51.000000Z"}, {"uuid": "87dd671f-a52f-41ea-a7f7-5edbacc82a39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39910", "type": "seen", "source": "https://t.me/cibsecurity/33844", "content": "\u203c CVE-2021-39910 \u203c\n\nAn issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab was vulnerable to HTML Injection through the Swagger UI feature.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-13T18:12:11.000000Z"}, {"uuid": "40401220-38c3-4523-a3b7-720bedca1d23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39919", "type": "seen", "source": "https://t.me/cibsecurity/33842", "content": "\u203c CVE-2021-39919 \u203c\n\nIn all versions of GitLab CE/EE starting version 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, the reset password token and new user email token are accidentally logged which may lead to information disclosure.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-13T18:12:08.000000Z"}, {"uuid": "27b4072d-5b06-44c0-aafc-0f3ebe7457a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39914", "type": "seen", "source": "https://t.me/cibsecurity/31863", "content": "\u203c CVE-2021-39914 \u203c\n\nA regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and 14.4.0 could cause excessive usage of resources when a specially crafted username was used when provisioning a new user\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-05T01:25:11.000000Z"}, {"uuid": "bb3d7931-a53d-410a-9514-9d025c3e0596", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39916", "type": "seen", "source": "https://t.me/cibsecurity/33856", "content": "\u203c CVE-2021-39916 \u203c\n\nLack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status Check in GitLab EE starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-13T18:12:32.000000Z"}, {"uuid": "88bed312-79b5-4f1c-9cdb-8ceed28a0fcb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39917", "type": "seen", "source": "https://t.me/cibsecurity/33851", "content": "\u203c CVE-2021-39917 \u203c\n\nAn issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression related to quick actions features was susceptible to catastrophic backtracking that could cause a DOS attack.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-13T18:12:23.000000Z"}, {"uuid": "ff93ff4a-2031-499b-be85-4eeb4e479c24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39915", "type": "seen", "source": "https://t.me/cibsecurity/33858", "content": "\u203c CVE-2021-39915 \u203c\n\nImproper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to see the names of project access tokens on arbitrary projects\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-13T18:12:34.000000Z"}]}