Vulnerability Database

308,681

Total vulnerabilities in the database

CVE-2021-39896

In all versions of GitLab CE/EE since version 8.0, when an admin uses the impersonate feature twice and stops impersonating, the admin may be logged in as the second user they impersonated, which may lead to repudiation issues.

Published: Oct 4, 2021
Updated: Nov 16, 2025
CVE: CVE-2021-39896
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 3.8
AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

CVSS v2:

Severity: Medium
Score: 5.5
AV:N/AC:L/Au:S/C:P/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
gitlab / gitlab	14.3	14.3.1
gitlab / gitlab	14.2	14.2.5
gitlab / gitlab	8.0.0	14.1.7

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39896.json
https://gitlab.com/gitlab-org/gitlab/-/issues/339362

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo