CVE-2021-39896

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-39896
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-39896.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-39896
Aliases
Related
Published
2021-10-04T17:15:08Z
Modified
2024-11-21T06:20:30Z
Severity
  • 3.8 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

In all versions of GitLab CE/EE since version 8.0, when an admin uses the impersonate feature twice and stops impersonating, the admin may be logged in as the second user they impersonated, which may lead to repudiation issues.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
b50421f8650a390aa637da68c7e0138dd764fdf3
Fixed
9cd657e5179e339171d27e4573b8f5711db1d824