CVE-2021-39913

MEDIUM(4.4)

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Risk Signal Score11/100 — NIEDRIG

CVSS 4.4 — Mittel

EPSS-Score

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

4.4

Technische Schwere

Beschreibung

Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker with local file system access to obtain system root-level privileges

Referenzen

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39913.json
https://gitlab.com/gitlab-org/gitlab/-/issues/28074
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39913.json
https://gitlab.com/gitlab-org/gitlab/-/issues/28074