CVE-2021-39915 - log back

CVE-2021-39915 edited at 07 Dec 2021 20:18:57
Description
- Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to see the names of project access tokens on arbitrary projects.
+ Improper access control in the GraphQL API in GitLab before version 14.5.2 allows an attacker to see the names of project access tokens on arbitrary projects.
Notes
CVE-2021-39915 edited at 07 Dec 2021 09:30:30
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to see the names of project access tokens on arbitrary projects.
References
+ https://about.gitlab.com/releases/2021/12/06/security-release-gitlab-14-5-2-released/
CVE-2021-39915 created at 07 Dec 2021 09:25:21