CVE-2021-39937 - log back

CVE-2021-39937 edited at 07 Dec 2021 20:21:21
Description
- A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to potential elevated privileges in groups and projects under rare circumstances.
+ A collision in access memoization logic in all versions of GitLab before version 14.5.2 leads to potential elevated privileges in groups and projects under rare circumstances.
Notes
CVE-2021-39937 edited at 07 Dec 2021 09:29:25
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Privilege escalation
Description
+ A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to potential elevated privileges in groups and projects under rare circumstances.
References
+ https://about.gitlab.com/releases/2021/12/06/security-release-gitlab-14-5-2-released/
CVE-2021-39937 created at 07 Dec 2021 09:25:21