GitLab 7.7 < 14.1.7 / 14.2 < 14.2.5 / 14.3 < 14.3.1 (CVE-2021-39881)
Discription
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: In all versions of GitLab CE/EE since version 7.7, the application may let a malicious user create an OAuth client application with arbitrary scope names which may allow the malicious user to trick unsuspecting users to authorize the malicious client application using the spoofed scope name and description. (CVE-2021-39881) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version…Read More
References
Back to Main