CVE-2021-39904

Опубликовано: 05 нояб. 2021

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 4

CVSS3: 4.3

Описание

An Improper Access Control vulnerability in the GraphQL API in all versions of GitLab CE/EE starting from 13.1 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows a Merge Request creator to resolve discussions and apply suggestions after a project owner has locked the Merge Request

Релиз	Статус	Примечание
devel	DNE
esm-apps/xenial	ignored	not maintainable
esm-infra/focal	DNE
focal	DNE
jammy	DNE
mantic	DNE
noble	DNE
upstream	released	15.10.8+ds1-2

Показывать по

Ссылки на источники

https://www.cve.org/CVERecord?id=CVE-2021-39904

EPSS

Процентиль: 32%

0.00121

Низкий

4 Medium

CVSS2

4.3 Medium

CVSS3

Связанные уязвимости

CVE-2021-39904

CVSS3: 4.3

nvd

больше 4 лет назад

CVE-2021-39904

CVSS3: 4.3

debian

больше 4 лет назад

An Improper Access Control vulnerability in the GraphQL API in all ver ...

GHSA-2mm8-x5g7-wf73

CVSS3: 4.3

github

больше 3 лет назад

An Improper Access Control vulnerability in the GraphQL API in GitLab CE/EE since version 13.1 allows a Merge Request creator to resolve discussions and apply suggestions after a project owner has locked the Merge Request

EPSS

Процентиль: 32%

0.00121

Низкий

4 Medium

CVSS2

4.3 Medium

CVSS3

CVE-2021-39904

Описание

Пакет gitlab

Ссылки на источники

Связанные уязвимости