← back
CVE-2021-39889

CVE-2021-39889

CVSS 4.3 MEDIUMEPSS 0.8%
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
05 Oct 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API call with the ID of the protected branch.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products
GitLab · GitLab

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39889.jsonhttps://gitlab.com/gitlab-org/gitlab/-/issues/338062https://hackerone.com/reports/1294017