Описание
The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users.
Ссылки
- Vendor Advisory
- Third Party Advisory
- Vendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 10.3.8 (включая)Версия от 10.4.0 (включая) до 10.4.5 (включая)Версия от 10.5.0 (включая) до 10.5.5 (включая)
Одно из
cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
EPSS
Процентиль: 39%
0.00172
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-20
Связанные уязвимости
CVSS3: 9.8
ubuntu
больше 7 лет назад
The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users.
CVSS3: 9.8
debian
больше 7 лет назад
The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, a ...
CVSS3: 9.8
github
около 3 лет назад
The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users.
EPSS
Процентиль: 39%
0.00172
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-20