← Volver a CVEs
CVE-2021-39872
MEDIUM6.5
Descripcion
In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration.
Detalles CVE
Puntuacion CVSS v3.16.5
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado10/5/2021
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
gitlab:gitlab
Debilidades (CWE)
CWE-287
Referencias
https://gitlab.com/gitlab-org/gitlab/-/issues/337954(cve@gitlab.com)
https://hackerone.com/reports/1285226(cve@gitlab.com)
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39872.json(af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.com/gitlab-org/gitlab/-/issues/337954(af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/1285226(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.