Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-2v36-29xm-jp89

Опубликовано: 22 фев. 2024
Источник: github
Github: Не прошло ревью
CVSS3: 5.3

Описание

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their password using their verified secondary email address and sign-in using direct authentication with the reset password, bypassing LDAP.

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their password using their verified secondary email address and sign-in using direct authentication with the reset password, bypassing LDAP.

Ссылки

EPSS

Процентиль: 0%
0.00008
Низкий

5.3 Medium

CVSS3

CVE ID

CVE-2024-1525

Дефекты

CWE-284
CWE-288

Связанные уязвимости

ubuntu логотип

CVE-2024-1525

CVSS3: 5.3
ubuntu
больше 1 года назад

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their password using their verified secondary email address and sign-in using direct authentication with the reset password, bypassing LDAP.

nvd логотип

CVE-2024-1525

CVSS3: 5.3
nvd
больше 1 года назад

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their password using their verified secondary email address and sign-in using direct authentication with the reset password, bypassing LDAP.

debian логотип

CVE-2024-1525

CVSS3: 5.3
debian
больше 1 года назад

An issue has been discovered in GitLab CE/EE affecting all versions st ...

fstec логотип

BDU:2024-01677

CVSS3: 5.3
fstec
больше 1 года назад

Уязвимость реализации LDAP-аутентификации программной платформы на базе git для совместной работы над кодом GitLab, позволяющая нарушителю сбросить пароль произвольного пользователя и осуществить вход в систему

EPSS

Процентиль: 0%
0.00008
Низкий

5.3 Medium

CVSS3

CVE ID

CVE-2024-1525

Дефекты

CWE-284
CWE-288