GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication via unspecified API calls.
CVSS v2.0 Score
6.8
/ 10.0
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Information
- Published
- 12 mai 2014
- Updated
- 12 avr. 2025
- Status
- Deferred
- Source
- secalert@redhat.com
Affected products
gitlab gitlab
Versions : 5.4.1, 0.8.0, 0.9.1, 0.9.4, 0.9.6
Weaknesses (CWE)
CWE-287
References (4)
- https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/PatchVendor Advisory
- https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/PatchVendor Advisory
Similar CVEs
Other vulnerabilities of type CWE-287
Loading…
Monitor your products
Get automatic alerts for every new CVE affecting your equipment.