Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Authentication Bypass Using an Alternate Path or Channel in GitLab
Vulnerability Description
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to bypass WebAuthn two-factor authentication and gain unauthorized access to user accounts due to inconsistent input validation in the authentication process.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
使用候选路径或通道进行的认证绕过
Vulnerability Title
GitLab 安全漏洞
Vulnerability Description
GitLab是美国GitLab公司的一个端到端软件开发平台,具有内置的版本控制、问题跟踪、代码审查、CI/CD(持续集成和持续交付)等功能。 GitLab CE/EE 18.8.7之前版本、18.9.3之前版本和18.10.1之前版本存在安全漏洞,该漏洞源于身份验证过程中输入验证不一致,可能导致未经验证的用户绕过WebAuthn双因素身份验证并获得对用户账户的未经授权访问。
CVSS Information
N/A
Vulnerability Type
N/A