CVE-2021-39883
4.3 MEDIUMImproper authorization checks in all versions of GitLab EE starting from 13.11 before 14.1.7, all versions starting from 14.2 before 14.2...
Published: 2021-10-04 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 4.3 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products
| Vendor | Product |
|---|---|
| gitlab | gitlab |
Description
Improper authorization checks in all versions of GitLab EE starting from 13.11 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows subgroup members to see epics from all parent subgroups.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-39883
- [Vendor advisory]https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39883.json
- [Other]https://gitlab.com/gitlab-org/gitlab/-/issues/334279
- [Vendor advisory]https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39883.json
- [Other]https://gitlab.com/gitlab-org/gitlab/-/issues/334279
Related CVEs
Same vendor
- CVE-2026-9694 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.... (2.6 LOW)
- CVE-2026-9204 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19... (5.3 MEDIUM)
- CVE-2026-8589 — GitLab has remediated an issue in GitLab EE affecting all versions from 13.1.4 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0... (7.3 HIGH)
- CVE-2026-7250 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19... (7.5 HIGH)
- CVE-2026-6976 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.... (3.7 LOW)