Low severity · 1.7 · NVD Advisory · Published Nov 5, 2021 · Updated Jun 12, 2026
CVE-2021-39911
Description
An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 exposes the private email address of the Issue and Merge Request assignee to Webhook data consumers.
Affected products
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* (range: >=13.9.0, <14.2.6)
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* (range: >=13.9.0, <14.2.6)
- (no CPE) (range: >=13.9, <14.2.6)
- Range: >=13.9.0, <14.2.6, >=14.3.0, <14.3.4, >=14.4.0, <14.4.1
Patches
Vulnerability mechanics
References
- gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39911.json (nvd, Vendor Advisory)
- gitlab.com/gitlab-org/gitlab/-/issues/297470 (nvd, Broken Link)