An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, and all versions starting from 16.9 before 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their password using their verified secondary email address and then sign in using direct authentication with the reset password, bypassing LDAP.
Metrics
Affected Vendors & Products
References
| Link | Providers |
|---|---|
| https://gitlab.com/gitlab-org/gitlab/-/issues/438144 | |
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2024-02-21T23:30:44.816Z
Updated: 2024-08-29T15:04:55.400Z
Reserved: 2024-02-15T07:03:33.019Z
Link: CVE-2024-1525
Vulnrichment
Updated: 2024-08-01T18:40:21.306Z
NVD
Status : Analyzed
Published: 2024-02-22T00:15:52.327
Modified: 2024-03-04T20:14:59.457
Link: CVE-2024-1525
Redhat
No data.