CVE-2021-39927
Last modified
CVE-2021-39927 is a medium-severity vulnerability rated 4.3/10 on the CVSS scale. Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.4, between 14.5.0 and 14.5.2, and between 14.6.0 and 14.6.1 would fail to protect against attacks sending requests to localhost on port 80 or 443 if GitLab was configured to run on a port other than 80 or 443. EPSS estimates a 0.57% chance of exploitation in the next 30 days.
Description
Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.4, between 14.5.0 and 14.5.2, and between 14.6.0 and 14.6.1 would fail to protect against attacks sending requests to localhost on port 80 or 443 if GitLab was configured to run on a port other than 80 or 443
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Gitlab | Gitlab | >= 8.4, <= 14.4.5 |
| Gitlab | Gitlab | >= 14.5.0, <= 14.5.3 |
| Gitlab | Gitlab | >= 14.6.0, <= 14.6.3 |
References
- https://gitlab.com/gitlab-org/gitlab/-/issues/340476Broken Link, Vendor Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/340476Broken Link, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-39927?
How severe is CVE-2021-39927?
How do I fix CVE-2021-39927?
Are you affected by CVE-2021-39927?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST