---

CVE-2021-39890 - log back

CVE-2021-39890 edited at 04 Oct 2021 20:59:53
Severity	- Unknown + Low
Remote	- Unknown + Remote
Type	- Unknown + Access restriction bypass
Description	+ It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above.
References	+ https://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/#ldap-users-can-bypass-2fa-and-load-certain-pages-with-http-basic-auth

CVE-2021-39890 created at 04 Oct 2021 20:59:09
Severity	+ Unknown
Remote	+ Unknown
Type	+ Unknown
Description
References
Notes