Описание
An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.3 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. A security vulnerability allows attackers to bypass Device OAuth flow protections, enabling authorization form submission through minimal user interaction.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| gitlab | unfixed | package |
EPSS
Связанные уязвимости
An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.3 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. A security vulnerability allows attackers to bypass Device OAuth flow protections, enabling authorization form submission through minimal user interaction.
An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.3 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. A security vulnerability allows attackers to bypass Device OAuth flow protections, enabling authorization form submission through minimal user interaction.
An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.3 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. A security vulnerability allows attackers to bypass Device OAuth flow protections, enabling authorization form submission through minimal user interaction.
Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связанная с обходом процедуры аутентификации посредством использования альтернативного пути или канала, позволяющая нарушителю обойти существующие ограничения безопасности
EPSS