CVE-2021-39890 - log back

CVE-2021-39890 edited at 04 Oct 2021 20:59:53
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Access restriction bypass
Description
+ It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above.
References
+ https://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/#ldap-users-can-bypass-2fa-and-load-certain-pages-with-http-basic-auth
CVE-2021-39890 created at 04 Oct 2021 20:59:09
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes