{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T14:10:23.248","vulnerabilities":[{"cve":{"id":"CVE-2021-39900","sourceIdentifier":"cve@gitlab.com","published":"2021-10-04T17:15:08.413","lastModified":"2024-11-21T06:20:30.617","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails logs."},{"lang":"es","value":"Una divulgación de información de SendEntry en GitLab a partir de la versión 10.8, permitía la exposición de la URL completa de los artefactos almacenados en el almacenamiento de objetos con una disponibilidad temporal por medio de los registros de Rails"}],"metrics":{"cvssMetricV31":[{"source":"cve@gitlab.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N","baseScore":2.0,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.5,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N","baseScore":2.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-532"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"10.8.0","versionEndExcluding":"14.1.7","matchCriteriaId":"018E5854-4757-42B1-8C78-1CD2903E6FFD"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"10.8.0","versionEndExcluding":"14.1.7","matchCriteriaId":"24E7D2D9-8143-455A-81AB-620515030293"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"14.2.0","versionEndExcluding":"14.2.5","matchCriteriaId":"CAB23F69-59A2-430F-A082-A5F81A7A464C"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"14.2.0","versionEndExcluding":"14.2.5","matchCriteriaId":"CD7E2FAA-308F-450F-8990-52A7DEB8ED00"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:14.3.0:*:*:*:community:*:*:*","matchCriteriaId":"3E754C1F-3FB2-4387-8523-19896FDE7A14"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:14.3.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"ED0EDF4C-4350-476E-A6C4-C2FEFC2078D8"}]}]}],"references":[{"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39900.json","source":"cve@gitlab.com","tags":["Third Party Advisory"]},{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/325088","source":"cve@gitlab.com","tags":["Broken Link"]},{"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39900.json","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/325088","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]}]}}]}