CVE-2021-39901
Publication date 5 November 2021
Last updated 25 August 2025
Ubuntu priority
Cvss 3 Severity Score
Description
In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| gitlab | 24.04 LTS noble | Not in release |
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 16.04 LTS xenial | Ignored |
Notes
mdeslaur
GitLab isn't maintainable as a distro package, and was removed from Ubuntu because of this. We will not be fixing security issues in the gitlab package in Xenial.
Severity score breakdown
CVSS version: CVSS v3.0
Base score
2.7 · Low
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N