Improper Preservation of Permissions

CVE-2021-39897

Medium

5.3/10

Summary

Improper access control in GitLab CE/EE version 10.5 and above allowed subgroup members with inherited access to a project from a parent group to still have access even after the subgroup is transferred

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-281 - Improper Preservation of Permissions

The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

References

Advisory Timeline

Published Nov 05, 2021

Improper Preservation of Permissions

CVE-2021-39897

Summary

CWE-281 - Improper Preservation of Permissions

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS