---

CVE-2021-39945 - log back

CVE-2021-39945 edited at 07 Dec 2021 20:22:30
Description	- Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an author of a Merge Request to approve the Merge Request even after having their project access revoked. + Improper access control in the GitLab API affecting all versions before version 14.5.2 allows an author of a Merge Request to approve the Merge Request even after having their project access revoked.
Notes

CVE-2021-39945 edited at 07 Dec 2021 09:37:22
Severity	- Unknown + Low
Remote	- Unknown + Remote
Type	- Unknown + Access restriction bypass
Description	+ Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an author of a Merge Request to approve the Merge Request even after having their project access revoked.
References	+ https://about.gitlab.com/releases/2021/12/06/security-release-gitlab-14-5-2-released/

CVE-2021-39945 created at 07 Dec 2021 09:25:21