Authorization Bypass
Description

GitLab is vulnerable to authorization bypass. The vulnerability allows a malicious user to create an OAuth client application with arbitrary scope names, which may allow the malicious user to trick unsuspecting users into authorizing the malicious client application using the spoofed scope name and description.

3.5 Low

CVSS2

  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: Single
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None

3.5 Low

CVSS3

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: None
