Описание
An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker to authenticate as another user given their public key if they use Smartcard authentication. Smartcard authentication is an experimental feature and has to be manually enabled by an administrator.
Ссылки
- Broken Link
- Broken Link
Уязвимые конфигурации
Одно из
EPSS
7.4 High
CVSS3
8.1 High
CVSS3
Дефекты
Связанные уязвимости
An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker to authenticate as another user given their public key if they use Smartcard authentication. Smartcard authentication is an experimental feature and has to be manually enabled by an administrator.
An improper certificate validation issue in Smartcard authentication i ...
An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker to authenticate as another user given their public key if they use Smartcard authentication. Smartcard authentication is an experimental feature and has to be manually enabled by an administrator.
Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связанная с некорректной проверкой сертификата при аутентификации по смарт-картам, позволяющая нарушителю пройти проверку подлинности как другой пользователь
EPSS
7.4 High
CVSS3
8.1 High
CVSS3