Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2021-39889

In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API call with the ID of the protected branch.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.7%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.0
Products affected by CVE-2021-39889
  • Gitlab » Gitlab » Version: 14.1.0
    cpe:2.3:a:gitlab:gitlab:14.1.0
  • Gitlab » Gitlab » Version: 14.1.1
    cpe:2.3:a:gitlab:gitlab:14.1.1
  • Gitlab » Gitlab » Version: 14.1.2
    cpe:2.3:a:gitlab:gitlab:14.1.2
  • Gitlab » Gitlab » Version: 14.1.3
    cpe:2.3:a:gitlab:gitlab:14.1.3
  • Gitlab » Gitlab » Version: 14.1.4
    cpe:2.3:a:gitlab:gitlab:14.1.4
  • Gitlab » Gitlab » Version: 14.1.5
    cpe:2.3:a:gitlab:gitlab:14.1.5
  • Gitlab » Gitlab » Version: 14.1.6
    cpe:2.3:a:gitlab:gitlab:14.1.6
  • Gitlab » Gitlab » Version: 14.2.0
    cpe:2.3:a:gitlab:gitlab:14.2.0
  • Gitlab » Gitlab » Version: 14.2.1
    cpe:2.3:a:gitlab:gitlab:14.2.1
  • Gitlab » Gitlab » Version: 14.2.2
    cpe:2.3:a:gitlab:gitlab:14.2.2
  • Gitlab » Gitlab » Version: 14.2.3
    cpe:2.3:a:gitlab:gitlab:14.2.3
  • Gitlab » Gitlab » Version: 14.2.4
    cpe:2.3:a:gitlab:gitlab:14.2.4
  • Gitlab » Gitlab » Version: 14.3.0
    cpe:2.3:a:gitlab:gitlab:14.3.0


Products
Pricing
Contact Us

Shodan ® - All rights reserved