CVE-2021-39903 - log

CVE-2021-39903 edited at 28 Oct 2021 15:11:46
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Access restriction bypass
Description
+ In all versions of GitLab CE/EE since version 13.0, a low privileged user, through an API call, can change the visibility level of a group or a project to a restricted option even after the instance administrator sets that visibility option as restricted in settings.
References
+ https://about.gitlab.com/releases/2021/10/28/security-release-gitlab-14-4-1-released/
CVE-2021-39903 created at 28 Oct 2021 15:08:24