CVE-2021-39943
MEDIUM
GitLab 14.1.0-14.3.5, 14.4.0-14.4.3, 14.5.0-14.5.1 - Incorrect Authorization in External Status Check API
Title source: llm
Description
An authorization logic error in the External Status Check API in GitLab EE affecting all versions starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allowed a user to update the status of the check via an API call.
References (3)
Core References
Broken Link x_refsource_misc
https://gitlab.com/gitlab-org/gitlab/-/issues/343604
Permissions Required, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/1375393
Vendor Advisory x_refsource_confirm
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39943.json
Scores
CVSS v3
4.3
EPSS
0.0024
EPSS Percentile
47.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-863
Status
published
Products (1)
gitlab/gitlab
14.1.0 - 14.3.6
Published
Feb 09, 2022
Tracked Since
Feb 18, 2026