CVE-2025-0605
22.05.2025, 15:16
An issue has been discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Group access controls could allow certain users to bypass two-factor authentication requirements.Enginsight
| Vendor | Product | Version |
|---|---|---|
| gitlab | gitlab | 16.8.0 ≤ 𝑥 < 17.10.7 |
| gitlab | gitlab | 16.8.0 ≤ 𝑥 < 17.10.7 |
| gitlab | gitlab | 17.11.0 ≤ 𝑥 < 17.11.3 |
| gitlab | gitlab | 17.11.0 ≤ 𝑥 < 17.11.3 |
| gitlab | gitlab | 18.0.0 |
| gitlab | gitlab | 18.0.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-1390 - Weak AuthenticationThe product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct.
- CWE-287 - Improper AuthenticationWhen an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.