CVE-2021-39896
3.8 LOWIn all versions of GitLab CE/EE since version 8.0, when an admin uses the impersonate feature twice and stops impersonating, the admin ma...
Published: 2021-10-04 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 3.8 LOW
- Vector
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
Affected products
| Vendor | Product |
|---|---|
| gitlab | gitlab |
Description
In all versions of GitLab CE/EE since version 8.0, when an admin uses the impersonate feature twice and stops impersonating, the admin may be logged in as the second user they impersonated, which may lead to repudiation issues.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-39896
- [Vendor advisory]https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39896.json
- [Other]https://gitlab.com/gitlab-org/gitlab/-/issues/339362
- [Vendor advisory]https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39896.json
- [Other]https://gitlab.com/gitlab-org/gitlab/-/issues/339362
Related CVEs
Same vendor
- CVE-2026-9694 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.... (2.6 LOW)
- CVE-2026-9204 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19... (5.3 MEDIUM)
- CVE-2026-8589 — GitLab has remediated an issue in GitLab EE affecting all versions from 13.1.4 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0... (7.3 HIGH)
- CVE-2026-7250 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19... (7.5 HIGH)
- CVE-2026-6976 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.... (3.7 LOW)