CVE-2021-39931

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-39931

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-39931.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-39931

Aliases

BIT-gitlab-2021-39931

Downstream

UBUNTU-CVE-2021-39931

Published

2021-12-13T16:15:09.130Z

Modified

2026-04-09T08:13:46.411756Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.11 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under specific condition an unauthorised project member was allowed to delete a protected branches due to a business logic error.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

12dd0f62012c6df8bd67abc2d9c5c54bd82366f7

Fixed

057790c613dea428aa523357c333ced5433794ee

Introduced

12dd0f62012c6df8bd67abc2d9c5c54bd82366f7

Fixed

057790c613dea428aa523357c333ced5433794ee

Introduced

19c719febd74b6edf549bf6a2c0e36bf8f176d56

Fixed

a1175384df48e74899d664520601823016d81084

Introduced

19c719febd74b6edf549bf6a2c0e36bf8f176d56

Fixed

a1175384df48e74899d664520601823016d81084

Introduced

490a8efda84a04e31ac41b882d95bb717c202437

Fixed

4511944420f00a68d5df2b3d81e5dae7fa2888f3

Introduced

490a8efda84a04e31ac41b882d95bb717c202437

Fixed

4511944420f00a68d5df2b3d81e5dae7fa2888f3

Database specific

{
    "versions": [
        {
            "introduced": "8.11.0"
        },
        {
            "fixed": "14.3.6"
        },
        {
            "introduced": "8.11.0"
        },
        {
            "fixed": "14.3.6"
        },
        {
            "introduced": "14.4.0"
        },
        {
            "fixed": "14.4.4"
        },
        {
            "introduced": "14.4.0"
        },
        {
            "fixed": "14.4.4"
        },
        {
            "introduced": "14.5.0"
        },
        {
            "fixed": "14.5.2"
        },
        {
            "introduced": "14.5.0"
        },
        {
            "fixed": "14.5.2"
        }
    ]
}

Affected versions

v14.*

v14.4.0-ee

v14.4.2-ee

v14.4.3-ee

v14.5.0-ee

v14.5.1-ee

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-39931.json"