Missing Authentication for Critical Function

CVE-2021-39879

Low

2.2/10

Summary

Missing authentication in all versions of GitLab CE/EE since version 7.11.0 allows an attacker with access to a victim's session to disable two-factor authentication

Attack Complexity: HIGH
Attack Vector: LOCAL
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: LOW
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-306 - Missing Authentication for Critical Function

The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References

Advisory Timeline

Published Oct 04, 2021

Missing Authentication for Critical Function

CVE-2021-39879

Summary

CWE-306 - Missing Authentication for Critical Function

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS