Описание
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their password using their verified secondary email address and sign-in using direct authentication with the reset password, bypassing LDAP.
Ссылки
- Permissions Required
- Permissions Required
Уязвимые конфигурации
Одно из
EPSS
5.3 Medium
CVSS3
Дефекты
Связанные уязвимости
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their password using their verified secondary email address and sign-in using direct authentication with the reset password, bypassing LDAP.
An issue has been discovered in GitLab CE/EE affecting all versions st ...
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their password using their verified secondary email address and sign-in using direct authentication with the reset password, bypassing LDAP.
Уязвимость реализации LDAP-аутентификации программной платформы на базе git для совместной работы над кодом GitLab, позволяющая нарушителю сбросить пароль произвольного пользователя и осуществить вход в систему
EPSS
5.3 Medium
CVSS3