CVE-2021-39895 Vulnerability Details


CVE-2021-39895 Metadata Quick Info

CVE Published: 04/11/2021 | CVE Updated: 04/08/2024 | CVE Year: 2021
Source: GitLab | Vendor: GitLab | Product: GitLab
Status: PUBLISHED

CVE-2021-39895 Description

In all versions of GitLab CE/EE since version 8.0, an attacker can set the pipeline schedules to be active in a project export so when an unsuspecting owner imports that project, pipelines are active by default on that project. Under specialized conditions, this may lead to information disclosure if the project is imported from an untrusted source.

Metrics

CVSS Version: 3.1 | Base Score: 6 MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L

Exploitability Metrics:
    Attack Vector (AV): NETWORK
    Attack Complexity (AC): HIGH
    Privileges Required (PR): HIGH
    User Interaction (UI): REQUIRED
    Scope (S): UNCHANGED

Impact Metrics:
    Confidentiality Impact (C): HIGH
    Integrity Impact (I): HIGH
    Availability Impact (A): LOW

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Configuration in GitLab
Source: GitLab

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).