CVE-2021-39935 - log

CVE-2021-39935 edited at 07 Dec 2021 20:20:47
Description
- An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API.
+ An issue has been discovered in GitLab before version 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API.
Notes
CVE-2021-39935 edited at 07 Dec 2021 09:28:53
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Access restriction bypass
Description
+ An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API.
References
+ https://about.gitlab.com/releases/2021/12/06/security-release-gitlab-14-5-2-released/
CVE-2021-39935 created at 07 Dec 2021 09:25:21