CVE-2021-39909 - log back

CVE-2021-39909 edited at 28 Oct 2021 15:13:38
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Access restriction bypass
Description
+ Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE since version 11.3 allows an attacker to bypass CODEOWNERS Merge Request approval requirement under rare circumstances.
References
+ https://about.gitlab.com/releases/2021/10/28/security-release-gitlab-14-4-1-released/
CVE-2021-39909 created at 28 Oct 2021 15:08:24