CVE-2021-39936 - log back

CVE-2021-39936 edited at 07 Dec 2021 20:21:03
Description
- Improper access control in GitLab CE/EE affecting all versions starting from 10.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker in possession of a deploy token to access a project's disabled wiki.
+ Improper access control in GitLab before version 14.5.2 allows an attacker in possession of a deploy token to access a project's disabled wiki.
Notes
CVE-2021-39936 edited at 07 Dec 2021 09:35:30
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Access restriction bypass
Description
+ Improper access control in GitLab CE/EE affecting all versions starting from 10.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker in possession of a deploy token to access a project's disabled wiki.
References
+ https://about.gitlab.com/releases/2021/12/06/security-release-gitlab-14-5-2-released/
CVE-2021-39936 created at 07 Dec 2021 09:25:21