← Zuruck zu CVEs

CVE-2021-39881

LOW

3.5

Beschreibung

In all versions of GitLab CE/EE since version 7.7, the application may let a malicious user create an OAuth client application with arbitrary scope names which may allow the malicious user to trick unsuspecting users to authorize the malicious client application using the spoofed scope name and description.

CVE Details

CVSS v3.1 Bewertung3.5

SchweregradLOW

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienLOW

BenutzerinteraktionREQUIRED

Veroffentlicht10/5/2021

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

gitlab:gitlab

Referenzen

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39881.json(cve@gitlab.com)

https://gitlab.com/gitlab-org/gitlab/-/issues/26695(cve@gitlab.com)

https://hackerone.com/reports/494530(cve@gitlab.com)

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39881.json(af854a3a-2127-422b-91ae-364da2661108)

https://gitlab.com/gitlab-org/gitlab/-/issues/26695(af854a3a-2127-422b-91ae-364da2661108)

https://hackerone.com/reports/494530(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.