GCVE - cpe:2.3:a:gitlab:gitlab:14.4.0:*:*:*:*:community:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:gitlab:gitlab:14.4.0:*:*:*:*:community:*:*

part: a version: 14.4.0 update: *

Vendor	Gitlab (`57573e99-56e6-5fad-895e-0ce7fffc5b90`)
Product	Gitlab (`5414fcda-a172-5f72-b6e4-b415a19d21eb`)
Edition	*
Language	*
Software edition	*
Target software	community
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:gitlab/gitlab-org/gitlab`	purl2cpe	2026-06-01 10:14:46.277863

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-39913`	vulnerable	2026-06-03 14:45:09.851052	Details available MEDIUM (4.4) Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker with local file system access to obtain system root-level privileges Published: 2021-11-04T23:08:15.000Z Updated: 2024-08-04T02:20:33.764Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/28074 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39913.json	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-39911`	vulnerable	2026-06-03 14:45:09.850256	Details available LOW (1.7) An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 exposes private email address of Issue and Merge Requests assignee to Webhook data consumers Published: 2021-11-04T23:16:02.000Z Updated: 2024-08-04T02:20:33.804Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/297470 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39911.json	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-39904`	vulnerable	2026-06-03 14:45:09.846669	Details available MEDIUM (4.3) An Improper Access Control vulnerability in the GraphQL API in all versions of GitLab CE/EE starting from 13.1 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows a Merge Request creator to resolve discussions and apply suggestions after a project owner has locked the Merge Request Published: 2021-11-04T23:13:11.000Z Updated: 2024-08-04T02:20:33.680Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/295298 https://hackerone.com/reports/1063420 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39904.json	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.