Improper Access Control Vulnerability in GitLab CE/EE Allows Access with Expired Passwords

CVE-2021-39872 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

In all versions of GitLab CE/EE since 14.1, an improper access control vulnerability allows users whose password has expired to keep accessing GitLab over Git and through the API by using access tokens they acquired before the password expired. The expiry is enforced against the password itself, not against previously issued tokens, so a token obtained while the password was still valid continues to authenticate after it lapses.
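The pattern behind this advisory, shown as an added Ruby example that is not GitLab's code: a simplified token store where the vulnerable authentication path accepts any live token, while the hardened path also rejects tokens whose owner's password has expired, plus an administrative sweep that revokes such tokens. The `User`, `AccessToken` and `TokenStore` types, the token values and the dates are constructed for this illustration.

```ruby
# Added example, not GitLab's code: a simplified model of token-based
# authentication showing why CVE-2021-39872 arises and how to close it.

# Constructed user model: password_expires_at is nil when passwords never expire.
User = Struct.new(:username, :password_expires_at, keyword_init: true) do
  def password_expired?(now)
    !password_expires_at.nil? && password_expires_at <= now
  end
end

# Constructed token model (a personal access token used for Git over HTTPS or the API).
AccessToken = Struct.new(:value, :user, :created_at, :revoked, keyword_init: true)

class TokenStore
  def initialize(tokens)
    @tokens = tokens
  end

  # Look up a live (unrevoked) token by its secret value.
  def find(value)
    @tokens.find { |t| t.value == value && !t.revoked }
  end

  # Compensating control: revoke every live token whose owner's password has
  # expired. Returns the number of tokens revoked.
  def revoke_for_expired_passwords(now)
    targets = @tokens.reject(&:revoked).select { |t| t.user.password_expired?(now) }
    targets.each { |t| t.revoked = true }
    targets.size
  end
end

# Vulnerable pattern: any live token authenticates its owner, even after the
# owner's password expired. Tokens issued before the expiry keep working.
def authenticate_vulnerable(store, token_value, _now)
  token = store.find(token_value)
  token && token.user
end

# Hardened pattern: token authentication additionally requires that the owner's
# password is not expired, matching the rule applied to password logins.
def authenticate_hardened(store, token_value, now)
  token = store.find(token_value)
  return nil unless token
  return nil if token.user.password_expired?(now)
  token.user
end

# Constructed fixture: Alice's password expired a day ago; Bob's is still current.
# Both tokens were issued a week ago, i.e. before Alice's password expired.
def build_fixture(now = Time.utc(2021, 9, 15, 12, 0, 0))
  alice = User.new(username: 'alice', password_expires_at: now - 86_400)
  bob   = User.new(username: 'bob',   password_expires_at: now + 30 * 86_400)
  tokens = [
    AccessToken.new(value: 'tok-alice', user: alice, created_at: now - 7 * 86_400, revoked: false),
    AccessToken.new(value: 'tok-bob',   user: bob,   created_at: now - 7 * 86_400, revoked: false)
  ]
  [TokenStore.new(tokens), now]
end

if __FILE__ == $PROGRAM_NAME
  store, now = build_fixture
  puts "vulnerable: tok-alice -> #{authenticate_vulnerable(store, 'tok-alice', now)&.username.inspect}"
  puts "hardened:   tok-alice -> #{authenticate_hardened(store, 'tok-alice', now)&.username.inspect}"
  puts "revoked #{store.revoke_for_expired_passwords(now)} token(s) for expired passwords"
end
```

The hardened check is the one to apply at every token-authenticated entry point (Git over HTTPS and the REST API alike); the revocation sweep is a stop-gap for instances that cannot upgrade immediately, since it removes the tokens the vulnerable check would otherwise keep honouring.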