How severe is CVE-2021-39899?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.2 out of 10.

What type of vulnerability is CVE-2021-39899?

This is classified as CWE-640, which is a common weakness in software security.

CVE-2021-39899

MEDIUM Year: 2021

CVSS v3 Score

4.2

Medium

CVSS v2 Score

1.9

Low

Weakness Type

CWE-640

View all →

Vulnerability Description

In all versions of GitLab CE/EE, an attacker with physical access to a user’s machine may brute force the user’s password via the change password function. There is a rate limit in place, but the attack may still be conducted by stealing the session id from the physical compromise of the account and splitting the attack over several IP addresses and passing in the compromised session value from these various locations.

CVE-2022-23172

MEDIUM

CVSS:4.3(Medium)

An attacker can access to "Forgot my password" button, as soon as he puts users is valid in the system, the system would issue a message that a password reset email had been sent to user. This way you...

CWE-6402022

CVE-2022-42807

MEDIUM

CVSS:4.3(Medium)

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. A user may accidentally add a participant to a Shared Album by pressing the Delete key

CWE-6402022

CVE-2023-5959

MEDIUM

CVSS:4.3(Medium)

A vulnerability, which was classified as problematic, was found in Byzoro Smart S85F Management Platform V31R02B10-01. Affected is an unknown function of the file /login.php. The manipulation of the a...

CWE-6402023

CVE-2021-39919

MEDIUM

CVSS:4.4(Medium)

In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, the reset password token and new user...

CWE-6402021

CVE-2015-3189

LOW

CVSS:3.7(Low)

With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired af...

CWE-6402015

CVE-2024-9907

MEDIUM

CVSS:3.7(Low)

A vulnerability classified as problematic was found in QileCMS up to 1.1.3. This vulnerability affects the function sendEmail of the file /qilecms/user/controller/Forget.php of the component Verificat...

CWE-6402024

CVE-2021-39899

Vulnerability Description

Related Vulnerabilities

CVE-2022-23172

CVE-2022-42807

CVE-2023-5959

CVE-2021-39919

CVE-2015-3189

CVE-2024-9907