CVE-2021-39890

It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:14.3.0:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:14.3.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:14.3.1:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:14.3.1:*:*:*:enterprise:*:*:*

Information

Published : 2021-12-06 10:15

Updated : 2021-12-07 09:47


NVD link : CVE-2021-39890

Mitre link : CVE-2021-39890


JSON object : View

CWE
CWE-287

Improper Authentication

Advertisement

dedicated server usa

Products Affected

gitlab

  • gitlab