CVE-2021-39901

Publication date 5 November 2021

Last updated 25 August 2025


Ubuntu priority

Cvss 3 Severity Score

2.7 · Low

Score breakdown

Description

In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint.

Read the notes from the security team

Status

Package Ubuntu Release Status
gitlab 24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Not in release
16.04 LTS xenial Ignored

Notes


mdeslaur

GitLab isn't maintainable as a distro package, and was removed from Ubuntu because of this. We will not be fixing security issues in the gitlab package in Xenial.

Severity score breakdown

CVSS version: CVSS v3.0

Base score 2.7 · Low

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N


Access our resources on patching vulnerabilities