CVE-2021-39930 - log back

CVE-2021-39930 edited at 07 Dec 2021 20:23:28
Description
- Missing authorization in GitLab EE versions starting from 12.4 before 14.3.6, starting from 14.4.0 before 14.4.4, and starting from 14.5.0 before 14.5.2 allowed an attacker to access a user's custom project and group templates.
+ Missing authorization in GitLab EE before version 14.5.2 allowed an attacker to access a user's custom project and group templates.
Notes
CVE-2021-39930 edited at 07 Dec 2021 09:31:19
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ Missing authorization in GitLab EE versions starting from 12.4 before 14.3.6, starting from 14.4.0 before 14.4.4, and starting from 14.5.0 before 14.5.2 allowed an attacker to access a user's custom project and group templates.
References
+ https://about.gitlab.com/releases/2021/12/06/security-release-gitlab-14-5-2-released/
CVE-2021-39930 created at 07 Dec 2021 09:25:21