{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T08:12:15.360","vulnerabilities":[{"cve":{"id":"CVE-2021-39909","sourceIdentifier":"cve@gitlab.com","published":"2021-11-05T00:15:11.147","lastModified":"2024-11-21T06:20:32.057","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE starting from 11.3 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker to bypass CODEOWNERS Merge Request approval requirement under rare circumstances"},{"lang":"es","value":"La falta de verificación de la propiedad de la dirección de correo electrónico en la función CODEOWNERS en todas las versiones de GitLab EE a partir de la 11.3 antes de la 14.2.6, en todas las versiones a partir de la 14.3 antes de la 14.3.4 y en todas las versiones a partir de la 14.4 antes de la 14.4.1 permite a un atacante eludir el requisito de aprobación de la solicitud de fusión CODEOWNERS en raras circunstancias"}],"metrics":{"cvssMetricV31":[{"source":"cve@gitlab.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-347"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"11.3.0","versionEndExcluding":"14.2.6","matchCriteriaId":"F7AFBE73-2546-47FF-8950-9732653E1A6F"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"14.3.0","versionEndExcluding":"14.3.4","matchCriteriaId":"79C91F49-B540-4D22-8CC9-E5CAD399E520"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:14.4.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"0FC6A40A-F861-445A-BD61-1ACF7D7849B1"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"11.2.0","versionEndExcluding":"14.3.4","matchCriteriaId":"991530FE-7F93-46F4-9515-480966361B90"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"11.3.0","versionEndExcluding":"14.4.1","matchCriteriaId":"E77C4BBF-6EF9-47A6-8AD3-7349589AC1BC"}]}]}],"references":[{"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39909.json","source":"cve@gitlab.com","tags":["Vendor Advisory"]},{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/335191","source":"cve@gitlab.com","tags":["Broken Link"]},{"url":"https://hackerone.com/reports/1237750","source":"cve@gitlab.com","tags":["Permissions Required","Third Party Advisory"]},{"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39909.json","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/335191","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"https://hackerone.com/reports/1237750","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required","Third Party Advisory"]}]}}]}