admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-11-28 18:48:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2024/CVE-2024-1525.md
0xMarcio 1fb02038e8 Update CVE sources 2025-09-29 16:08
2025-09-29 16:08:36 +00:00

18 lines
950 B
Markdown
Raw Blame History

### [CVE-2024-1525](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1525)
![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=16.1%3C%2016.7.6%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-288%3A%20Authentication%20Bypass%20Using%20an%20Alternate%20Path%20or%20Channel&color=brighgreen)
### Description
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their password using their verified secondary email address and sign-in using direct authentication with the reset password, bypassing LDAP.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/NaInSec/CVE-LIST
Reference in New Issue View Git Blame Copy Permalink