Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2021-39883
CVE-2021-39883:
GitLab vulnerability analysis and mitigation
Overview
Improper authorization checks in GitLab Enterprise Edition (EE) versions starting from 13.11 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allowed subgroup members to see epics from all parent subgroups. This vulnerability was assigned CVE-2021-39883 and was discovered internally by the GitLab team (GitLab Security Release).
Technical details
The vulnerability was rated as medium severity with a CVSS v3.1 score of 4.3 (MEDIUM) and CVSS v2.0 score of 4.0 (MEDIUM). The issue stemmed from improper authorization checks in the epic listing functionality that failed to properly honor group memberships (NVD Results).
Impact
The vulnerability allowed subgroup members to gain unauthorized access to epics from all parent subgroups, potentially exposing sensitive information beyond their intended access level (GitLab Security Release).
Mitigation and workarounds
GitLab addressed this vulnerability in versions 14.1.7, 14.2.5, and 14.3.1. Users were strongly recommended to upgrade to these patched versions immediately (GitLab Security Release).
Additional resources
Source: This report was generated using AI
Related GitLab vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management