---

CVE-2021-39896 - log back

CVE-2021-39896 created at 04 Oct 2021 20:53:36
Severity	+ Low
Remote	+ Remote
Type	+ Content spoofing
Description	+ In all versions of GitLab CE/EE since version 8.0, when an admin uses the impersonate feature twice and stops impersonating, the admin may be logged in as the second user they impersonated, which may lead to repudiation issues.
References	+ https://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/#improper-session-management-in-impersonation-feature + https://gitlab.com/gitlab-org/gitlab/-/issues/339362
Notes