Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to see the names of project access tokens on arbitrary projects
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39915.json | Vendor Advisory |
https://gitlab.com/gitlab-org/gitlab/-/issues/340803 | Broken Link |
https://hackerone.com/reports/1336059 | Permissions Required Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2021-12-13 16:15
Updated : 2024-02-28 18:48
NVD link : CVE-2021-39915
Mitre link : CVE-2021-39915
CVE.ORG link : CVE-2021-39915
JSON object : View
Products Affected
gitlab
- gitlab
CWE
CWE-668
Exposure of Resource to Wrong Sphere