Improper Access Control Vulnerability in GitLab CE/EE Allows Access with Expired Passwords
CVE-2021-39872 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration.
Learn more about our Api Penetration Testing.