CVE-2021-39902 : Vulnerability Insights and Analysis

Discover the impact of CVE-2021-39902, an Incorrect Authorization vulnerability in GitLab allowing unauthorized users to manipulate incident severity. Learn about affected versions and mitigation steps.

CVE-2021-39902 is a vulnerability in GitLab that allows a user with guest membership in a project to modify the severity of an incident.

Understanding CVE-2021-39902

This section provides insights into the details and impact of the CVE.

What is CVE-2021-39902?

The vulnerability involves Incorrect Authorization in GitLab CE/EE 13.4 or above, enabling unauthorized users to manipulate incident severity.

The Impact of CVE-2021-39902

The vulnerability's CVSS score is 4.3 (Medium Severity) with low integrity impact, affecting specific GitLab versions.

Technical Details of CVE-2021-39902

Explore the technical aspects and implications of the GitLab vulnerability.

Vulnerability Description

The flaw allows a user with only guest access to a project to change the severity of that project's incidents, a modification that should be outside the scope of the guest role.

Affected Systems and Versions

        Product: GitLab
        Vendor: GitLab
        Affected Versions:

              >=13.4, <14.2.6

              >=14.3, <14.3.4

              >=14.4, <14.4.1
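The three version ranges above are inclusive at the lower bound and exclusive at the upper bound, so an instance on 14.2.6, 14.3.4 or 14.4.1 is already fixed. The following added example (not code from GitLab or from this advisory) encodes those ranges as a version check an administrator can run against an inventory of instance versions; the version strings it is fed are constructed samples, and the handling of suffixes such as "-ee" is an assumption about how GitLab reports its version.

```python
"""Check whether a GitLab version falls inside the CVE-2021-39902 affected ranges.

Added example, not code from GitLab or the advisory. The ranges below are
taken from the advisory; the version strings fed to it are constructed samples.
"""
from __future__ import annotations

import re

# Affected ranges from the advisory: (inclusive lower bound, exclusive upper bound).
AFFECTED_RANGES = (
    ("13.4", "14.2.6"),
    ("14.3", "14.3.4"),
    ("14.4", "14.4.1"),
)

# Leading "major.minor[.patch]"; anything after it (e.g. "-ee") is ignored.
# Assumption: GitLab reports its version with the numeric release first.
_VERSION_RE = re.compile(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?")


def parse_version(version: str) -> tuple[int, int, int]:
    """Parse 'major.minor[.patch]' into a comparable integer tuple.

    A missing patch component is treated as 0, so "14.4" compares as 14.4.0.
    """
    match = _VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = (int(part) if part is not None else 0 for part in match.groups())
    return (major, minor, patch)


def is_affected(version: str) -> bool:
    """Return True if the version lies in any affected range (lower inclusive, upper exclusive)."""
    v = parse_version(version)
    return any(parse_version(lower) <= v < parse_version(upper) for lower, upper in AFFECTED_RANGES)


def minimum_fixed_version(version: str) -> str | None:
    """Return the fixed release on the same release line, or None if not affected.

    An instance on 14.3.x is pointed at 14.3.4 rather than at 14.4.1, since the
    fix was backported to each affected line. Versions in the first range are
    all pointed at 14.2.6, the lowest fixed release.
    """
    v = parse_version(version)
    for lower, upper in AFFECTED_RANGES:
        if parse_version(lower) <= v < parse_version(upper):
            return upper
    return None


def triage(inventory: dict[str, str]) -> dict[str, str | None]:
    """Map each instance name to the fixed version it needs, or None if already safe."""
    return {name: minimum_fixed_version(version) for name, version in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; not real hosts.
    sample_inventory = {
        "gitlab-prod": "14.3.2-ee",
        "gitlab-staging": "14.4.0",
        "gitlab-legacy": "13.9.1",
        "gitlab-dev": "14.4.1",
    }
    for name, needed in triage(sample_inventory).items():
        status = f"affected, upgrade to {needed}" if needed else "not affected"
        print(f"{name:16} {sample_inventory[name]:10} {status}")
```

Run stand-alone, the script prints one line per constructed instance with the release it should move to. Feeding it a real inventory means replacing `sample_inventory` with the versions reported by each instance.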

Exploitation Mechanism

The vulnerability is reachable over the network, has low attack complexity, and requires only low privileges: guest membership in the target project is sufficient to change an incident's severity.

Mitigation and Prevention

Learn how to address and prevent CVE-2021-39902.

Immediate Steps to Take

        Update GitLab to versions 14.2.6, 14.3.4, or 14.4.1 to mitigate the vulnerability.
        Review and adjust project access permissions to prevent unauthorized modifications.
        Monitor incidents for unauthorized severity changes.

Long-Term Security Practices

        Conduct regular security training for project members on access control.
        Implement multi-factor authentication for enhanced security.

Patching and Updates

        Stay informed about GitLab security releases and apply patches promptly to protect against vulnerabilities.
