---

CVE-2021-39903 - log back

CVE-2021-39903 edited at 28 Oct 2021 15:11:46
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Access restriction bypass
Description	+ In all versions of GitLab CE/EE since version 13.0, a low privileged user, through an API call, can change the visibility level of a group or a project to a restricted option even after the instance administrator sets that visibility option as restricted in settings.
References	+ https://about.gitlab.com/releases/2021/10/28/security-release-gitlab-14-4-1-released/

CVE-2021-39903 created at 28 Oct 2021 15:08:24