CVE-2021-39931 - log

CVE-2021-39931 edited at 07 Dec 2021 20:19:41
Description
- An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.11 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under specific condition an unauthorised project member was allowed to delete a protected branches due to a business logic error.
+ An issue has been discovered in GitLab before version 14.5.2. Under specific condition an unauthorised project member was allowed to delete a protected branches due to a business logic error.
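Review bot: the replacement description loses version information that the removed line carried. "before version 14.5.2" drops the 8.11 lower bound and the 14.3.6 and 14.4.4 fixed releases for the older branches, so a reader can no longer tell from this entry that a 14.3.x or 14.4.x install at those patch levels is already fixed. Consider keeping the per-branch ranges, or recording in the Notes field why they were collapsed to a single version.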
Notes
CVE-2021-39931 edited at 07 Dec 2021 09:37:02
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Access restriction bypass
Description
+ An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.11 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under specific condition an unauthorised project member was allowed to delete a protected branches due to a business logic error.
References
+ https://about.gitlab.com/releases/2021/12/06/security-release-gitlab-14-5-2-released/
CVE-2021-39931 created at 07 Dec 2021 09:25:21