### [CVE-2021-39936](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39936)
![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3E%3D10.7%2C%20%3C14.3.6%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=%3E%3D14.4%2C%20%3C14.4.4%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=%3E%3D14.5%2C%20%3C14.5.2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20access%20control%20in%20GitLab&color=brightgreen)

### Description

Improper access control in GitLab CE/EE affecting all versions starting from 10.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker in possession of a deploy token to access a project's disabled wiki.

### POC

#### Reference
- https://gitlab.com/gitlab-org/gitlab/-/issues/241767

#### Github
No PoCs found on GitHub currently.