CVE-2021-39880

EPSS 0.4%
Veröffentlicht 05.10.2021 15:15:07
Zuletzt bearbeitet 21.11.2024 06:20:27
Quelle cve@gitlab.com
CVE-Watchlists
Login
Unerledigt
Login

A Denial Of Service vulnerability in the apollo_upload_server Ruby gem in GitLab CE/EE all versions starting from 11.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to deny access to all users via specially crafted requests to the apollo_upload_server middleware.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 0 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gitlab ≫ Gitlab SwEditioncommunity Version > 11.9.0 < 14.0.9

Gitlab ≫ Gitlab SwEditionenterprise Version >= 11.9.0 < 14.0.9

Gitlab ≫ Gitlab SwEditioncommunity Version > 14.1.0 < 14.1.4

Gitlab ≫ Gitlab SwEditionenterprise Version >= 14.1.0 < 14.1.4

Gitlab ≫ Gitlab SwEditioncommunity Version >= 14.2.0 < 14.2.2

Gitlab ≫ Gitlab SwEditionenterprise Version >= 14.2.0 < 14.2.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.4%	0.599

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:N/A:P
cve@gitlab.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39880.json

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/330561

Broken Link

https://hackerone.com/reports/1181284

Third Party Advisory

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2021-39880

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-39880

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-39880

EUVD