Improper Access Control Vulnerability in GitLab GraphQL API Allows Unauthorized Resolution of Discussions and Application of Suggestions

Improper Access Control Vulnerability in GitLab GraphQL API Allows Unauthorized Resolution of Discussions and Application of Suggestions

CVE-2021-39904 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

An Improper Access Control vulnerability in the GraphQL API in all versions of GitLab CE/EE starting from 13.1 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows a Merge Request creator to resolve discussions and apply suggestions after a project owner has locked the Merge Request

Learn more about our Api Penetration Testing.