CVE-2021-39911
1.7 LOWAn improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before ...
Published: 2021-11-05 · Last updated: 2026-06-12
Severity and scoring
- CVSS
- 1.7 LOW
- Vector
- CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
Affected products
| Vendor | Product |
|---|---|
| gitlab | gitlab |
Description
An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 exposes private email address of Issue and Merge Requests assignee to Webhook data consumers
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-39911
- [Vendor advisory]https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39911.json
- [Other]https://gitlab.com/gitlab-org/gitlab/-/issues/297470
- [Vendor advisory]https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39911.json
- [Other]https://gitlab.com/gitlab-org/gitlab/-/issues/297470
Related CVEs
Same vendor
- CVE-2026-9694 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.... (2.6 LOW)
- CVE-2026-9204 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19... (5.3 MEDIUM)
- CVE-2026-8589 — GitLab has remediated an issue in GitLab EE affecting all versions from 13.1.4 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0... (7.3 HIGH)
- CVE-2026-7250 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19... (7.5 HIGH)
- CVE-2026-6976 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.... (3.7 LOW)