CVE-2021-29452: Improper Privilege Management

April 16, 2021 (updated November 7, 2023)

A new HAL-Form was added to allow editing users This feature should only have been accessible to admins. Unfortunately, privileges were incorrectly checked allowing any logged in user to make this change.

References

nvd.nist.gov/vuln/detail/CVE-2021-29452

Detect and mitigate CVE-2021-29452 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →