CVE-2021-39886
LOW
GitLab 10.6.0-14.1.7 - Unauthenticated Confidential Epic Reference Exposure via Issue Move
Title source: llm
Description
Permission rules were not applied while issues were moved between projects of the same group in GitLab versions starting with 10.6 and up to 14.1.7, allowing users to read confidential Epic references.
References (2)
Core References
Broken Link x_refsource_misc
https://gitlab.com/gitlab-org/gitlab/-/issues/330520
Vendor Advisory x_refsource_confirm
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39886.json
Scores
CVSS v3
2.6
EPSS
0.0014
EPSS Percentile
32.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
Details
CWE
CWE-276
Status
published
Products (1)
gitlab/gitlab
10.6.0 - 14.1.7 (2 CPE variants)
Published
Oct 05, 2021
Tracked Since
Feb 18, 2026