CVE-2024-1525 - OpenCVE

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their password using their verified secondary email address and sign-in using direct authentication with the reset password, bypassing LDAP.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gitlab	Gitlab

Configuration 1 [-]

OR	cpe:2.3:a:gitlab:gitlab::::::::
	cpe:2.3:a:gitlab:gitlab::::::::
	cpe:2.3:a:gitlab:gitlab:16.9.0:::::::*

No data.

References

Link	Providers
https://gitlab.com/gitlab-org/gitlab/-/issues/438144

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2024-02-21T23:30:44.816Z

Updated: 2024-08-29T15:04:55.400Z

Reserved: 2024-02-15T07:03:33.019Z

Link: CVE-2024-1525

Vulnrichment

Updated: 2024-08-01T18:40:21.306Z

NVD

Status : Analyzed

Published: 2024-02-22T00:15:52.327

Modified: 2024-03-04T20:14:59.457

Link: CVE-2024-1525

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1525", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2024-02-15T07:03:33.019Z", "datePublished": "2024-02-21T23:30:44.816Z", "dateUpdated": "2024-08-29T15:04:55.400Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "GitLab", "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "vendor": "GitLab", "versions": [{"lessThan": "16.7.6", "status": "affected", "version": "16.1", "versionType": "semver"}, {"lessThan": "16.8.3", "status": "affected", "version": "16.8", "versionType": "semver"}, {"lessThan": "16.9.1", "status": "affected", "version": "16.9", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "This vulnerability was discovered internally by a GitLab team member, [Drew Blessing](https://gitlab.com/dblessing)"}], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their password using their verified secondary email address and sign-in using direct authentication with the reset password, bypassing LDAP."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284: Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2024-08-29T15:04:55.400Z"}, "references": [{"name": "GitLab Issue #438144", "tags": ["issue-tracking"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/438144"}], "solutions": [{"lang": "en", "value": "Upgrade to versions 16.7.6, 16.8.3, 16.9.1 or above."}], "title": "Improper Access Control in GitLab"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1525", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-22T16:29:18.467492Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:21:54.930Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:40:21.306Z"}, "title": "CVE Program Container", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/438144", "name": "GitLab Issue #438144", "tags": ["issue-tracking", "x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/438144", "name": "GitLab Issue #438144", "tags": ["issue-tracking", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:40:21.306Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1525", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-22T16:29:18.467492Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:40.572Z"}}], "cna": {"title": "Improper Access Control in GitLab", "credits": [{"lang": "en", "type": "finder", "value": "This vulnerability was discovered internally by a GitLab team member, [Drew Blessing](https://gitlab.com/dblessing)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "vendor": "GitLab", "product": "GitLab", "versions": [{"status": "affected", "version": "16.1", "lessThan": "16.7.6", "versionType": "semver"}, {"status": "affected", "version": "16.8", "lessThan": "16.8.3", "versionType": "semver"}, {"status": "affected", "version": "16.9", "lessThan": "16.9.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to versions 16.7.6, 16.8.3, 16.9.1 or above."}], "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/438144", "name": "GitLab Issue #438144", "tags": ["issue-tracking"]}], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their password using their verified secondary email address and sign-in using direct authentication with the reset password, bypassing LDAP."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284: Improper Access Control"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2024-08-29T15:04:55.400Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1525", "state": "PUBLISHED", "dateUpdated": "2024-08-29T15:04:55.400Z", "dateReserved": "2024-02-15T07:03:33.019Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2024-02-21T23:30:44.816Z", "assignerShortName": "GitLab"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "matchCriteriaId": "F78B6F50-69F7-45F5-9541-5F35620206A9", "versionEndExcluding": "16.7.6", "versionStartIncluding": "16.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "matchCriteriaId": "59BDFC85-244E-41F5-9F55-D4497756954B", "versionEndExcluding": "16.8.3", "versionStartIncluding": "16.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:16.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "06CEE568-A6C1-4C8A-8786-B561643668AB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their password using their verified secondary email address and sign-in using direct authentication with the reset password, bypassing LDAP."}, {"lang": "es", "value": "Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones desde 16.1 anteriores a 16.7.6, todas las versiones desde 16.8 anteriores a 16.8.3, todas las versiones desde 16.9 anteriores a 16.9.1. En algunas condiciones especializadas, un usuario de LDAP puede restablecer su contrase\u00f1a utilizando su direcci\u00f3n de correo electr\u00f3nico secundaria verificada e iniciar sesi\u00f3n mediante autenticaci\u00f3n directa con la contrase\u00f1a restablecida, sin pasar por LDAP."}], "id": "CVE-2024-1525", "lastModified": "2024-03-04T20:14:59.457", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "cve@gitlab.com", "type": "Secondary"}]}, "published": "2024-02-22T00:15:52.327", "references": [{"source": "cve@gitlab.com", "tags": ["Permissions Required"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/438144"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "cve@gitlab.com", "type": "Secondary"}]}