CVE-2021-39881
Published: 2021-10-05 · Last updated: 2026-06-17
Severity and scoring
- CVSS: 3.5 LOW
- Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Affected products
| Vendor | Product |
|---|---|
| gitlab | gitlab |
Description
In all versions of GitLab CE/EE since version 7.7, the application may let a malicious user create an OAuth client application with arbitrary scope names which may allow the malicious user to trick unsuspecting users to authorize the malicious client application using the spoofed scope name and description.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2021-39881
- [Vendor advisory] https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39881.json
- [Other] https://gitlab.com/gitlab-org/gitlab/-/issues/26695
- [Other] https://hackerone.com/reports/494530