CVE-2021-39931

Sažetak

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.11 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under specific condition an unauthorised project member was allowed to delete a protected branches due to a business logic error.

Reference

https://gitlab.com/gitlab-org/gitlab/-/issues/340445
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39931.json
https://hackerone.com/reports/1318379

CVSS

Base:	3.5
Impact:	2.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

12-07-2022 - 17:42

Objavljeno

13-12-2021 - 16:15