CVE-2021-39882

In all versions of GitLab CE/EE, provided a user ID, anonymous users can use a few endpoints to retrieve information about any GitLab user.
Configurations

Configuration 1

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:4.3.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:4.3.0:*:*:*:community:*:*:*

Information

Published : 2021-10-05 01:15

Updated : 2021-10-12 06:39


NVD link : CVE-2021-39882

Mitre link : CVE-2021-39882

Products Affected
No products.
CWE
CWE-319

Cleartext Transmission of Sensitive Information