CVE-2021-39909 log

Source
Severity Medium
Remote Yes
Type Access restriction bypass
Description
Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE since version 11.3 allows an attacker to bypass CODEOWNERS Merge Request approval requirement under rare circumstances.
Group Package Affected Fixed Severity Status Ticket
AVG-2503 gitlab 14.3.3-2 14.5.0-1 High Testing
References
https://about.gitlab.com/releases/2021/10/28/security-release-gitlab-14-4-1-released/