In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API call with the ID of the protected branch.
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: GitLab

Published: 2021-10-05T13:43:07

Updated: 2021-10-05T13:43:07

Reserved: 2021-08-23T00:00:00


Link: CVE-2021-39889

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2021-10-05T14:15:07.987

Modified: 2022-05-03T16:04:40.443


Link: CVE-2021-39889

JSON object: View

cve-icon Redhat Information

No data.

CWE