GitHub Community Edition/Enterprise Edition 13.0 Bitbucket Server Import access control

A vulnerability was found in GitHub Community Edition and Enterprise Edition 13.0 (Bug Tracking Software) and classified as critical. An unknown part of the processing in the Bitbucket Server Import component is affected. No countermeasures are known. Replacing the affected product with an alternative product may be the only available suggestion.

Field | 10/05/2021 09:44 AM | 10/09/2021 06:44 AM | 10/09/2021 06:54 AM
vendor | GitHub | GitHub | GitHub
name | Community Edition/Enterprise Edition | Community Edition/Enterprise Edition | Community Edition/Enterprise Edition
version | 13.0 | 13.0 | 13.0
component | Bitbucket Server Import | Bitbucket Server Import | Bitbucket Server Import
cwe | 284 (access control) | 284 (access control) | 284 (access control)
risk | 2 | 2 | 2
cvss3_vuldb_ac | L | L | L
cvss3_vuldb_s | U | U | U
cvss3_vuldb_c | L | L | L
cvss3_vuldb_i | L | L | L
cvss3_vuldb_a | L | L | L
identifier | 34078 | 34078 | 34078
url | https://gitlab.com/gitlab-org/gitlab/-/issues/340782 | https://gitlab.com/gitlab-org/gitlab/-/issues/340782 | https://gitlab.com/gitlab-org/gitlab/-/issues/340782
confirm_url | https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39871.json | https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39871.json | https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39871.json
cve | CVE-2021-39871 | CVE-2021-39871 | CVE-2021-39871
cve_assigned | 1629669600 (08/23/2021) | 1629669600 (08/23/2021) | 1629669600 (08/23/2021)
date | 1633384800 (10/05/2021) | 1633384800 (10/05/2021) | 1633384800 (10/05/2021)
type | Bug Tracking Software | Bug Tracking Software | Bug Tracking Software
cvss2_vuldb_ac | L | L | L
cvss2_vuldb_ci | P | P | P
cvss2_vuldb_ii | P | P | P
cvss2_vuldb_ai | P | P | P
cvss2_vuldb_av | A | A | A
cvss2_vuldb_au | S | S | S
cvss2_vuldb_e | ND | ND | ND
cvss2_vuldb_rl | ND | ND | ND
cvss2_vuldb_rc | ND | ND | ND
cvss3_vuldb_av | A | A | A
cvss3_vuldb_pr | L | L | L
cvss3_vuldb_ui | N | N | N
cvss3_vuldb_e | X | X | X
cvss3_vuldb_rl | X | X | X
cvss3_vuldb_rc | X | X | X
cvss2_vuldb_basescore | 5.2 | 5.2 | 5.2
cvss2_vuldb_tempscore | 5.2 | 5.2 | 5.2
cvss3_vuldb_basescore | 5.5 | 5.5 | 5.5
cvss3_vuldb_tempscore | 5.5 | 5.5 | 5.5
cvss3_meta_basescore | 5.5 | 5.5 | 4.9
cvss3_meta_tempscore | 5.5 | 5.5 | 4.9
price_0day | $0-$5k | $0-$5k | $0-$5k
cve_nvd_summary | | In all versions of GitLab CE/EE since version 13.0, an instance that has the setting to disable Bitbucket Server import enabled is bypassed by an attacker making a crafted API call. | In all versions of GitLab CE/EE since version 13.0, an instance that has the setting to disable Bitbucket Server import enabled is bypassed by an attacker making a crafted API call.
cvss3_cna_av | | | N
cvss3_cna_ac | | | L
cvss3_cna_pr | | | L
cvss3_cna_ui | | | N
cvss3_cna_s | | | U
cvss3_cna_c | | | N
cvss3_cna_i | | | L
cvss3_cna_a | | | N
cve_cna | | | GitLab Inc.
cvss3_cna_basescore | | | 4.3