CVE-2021-39885 - log

CVE-2021-39885 edited at 04 Oct 2021 21:16:49
References
https://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/#stored-xss-in-merge-request-creation-page
+ https://hackerone.com/reports/1342009
+ https://gitlab.com/gitlab-org/gitlab/-/issues/341140
CVE-2021-39885 edited at 30 Sep 2021 17:29:11
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Cross-site scripting
Description
+ A Stored cross-site scripting security issue in merge request creation page in Gitlab EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious approval rule names.
References
+ https://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/#stored-xss-in-merge-request-creation-page
Notes
CVE-2021-39885 created at 30 Sep 2021 17:14:55