{"vulnerability": "CVE-2021-3994", "sightings": [{"uuid": "db02eda2-218c-407b-ae1c-6cf3c0d4978f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39943", "type": "seen", "source": "https://t.me/cibsecurity/37190", "content": "\u203c CVE-2021-39943 \u203c\n\nAn authorization logic error in the External Status Check API in GitLab EE affecting all versions starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allowed a user to update the status of the check via an API call\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-10T02:23:41.000000Z"}, {"uuid": "f9ef936d-a3ad-4b16-9abd-94c8848cd0e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39947", "type": "seen", "source": "https://t.me/cibsecurity/43858", "content": "\u203c CVE-2021-39947 \u203c\n\nIn specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14.4.2, and 14.5 to 14.5.2 would re-use the file descriptor 0 for multiple traces and mix the output of several jobs\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-06T20:30:17.000000Z"}, {"uuid": "96c4bf13-b66b-427a-affc-95e8af4128a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39945", "type": "seen", "source": "https://t.me/cibsecurity/33854", "content": "\u203c CVE-2021-39945 \u203c\n\nImproper access control in the GitLab CE/EE API affecting all versions starting from 9.4 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an author of a Merge Request to approve the Merge Request even after having their project access revoked\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-13T18:12:29.000000Z"}, {"uuid": "d846d4fc-be2d-4f66-adee-1b401bc16db5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39941", "type": "seen", "source": "https://t.me/cibsecurity/33850", "content": "\u203c CVE-2021-39941 \u203c\n\nAn information disclosure vulnerability in GitLab CE/EE versions 12.0 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed non-project members to see the default branch name for projects that restrict access to the repository to project members\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-13T18:12:21.000000Z"}, {"uuid": "9b9984ad-5048-4bad-87f6-6e7b6ef29391", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39940", "type": "seen", "source": "https://t.me/cibsecurity/33849", "content": "\u203c CVE-2021-39940 \u203c\n\nAn issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab Maven Package registry is vulnerable to a regular expression denial of service when a specifically crafted string is sent.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-13T18:12:20.000000Z"}, {"uuid": "77620667-70a1-43d6-b807-cf71725c1a3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39944", "type": "seen", "source": "https://t.me/cibsecurity/33839", "content": "\u203c CVE-2021-39944 \u203c\n\nAn issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A permissions validation flaw allowed group members with a developer role to elevate their privilege to a maintainer on projects they import\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-13T18:12:03.000000Z"}, {"uuid": "40f977a6-afe5-4218-9579-2e16d472a1a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3994", "type": "seen", "source": "https://t.me/cibsecurity/33188", "content": "\u203c CVE-2021-3994 \u203c\n\ndjango-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-01T14:35:48.000000Z"}]}