CVE-2021-39904 log

Severity Medium
Remote Yes
Type Access restriction bypass
An Improper Access Control vulnerability in the GraphQL API in GitLab CE/EE since version 13.1 allows a Merge Request creator to resolve discussions and apply suggestions after a project owner has locked the Merge Request.
Group Package Affected Fixed Severity Status Ticket
AVG-2503 gitlab 14.3.3-2 14.5.0-1 High Fixed