6.8

CVE-2025-11984

Exploit

Authentication Bypass Using an Alternate Path or Channel in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to bypass WebAuthn two-factor authentication by manipulating the session state under certain conditions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GitlabGitLab SwEditioncommunity Version >= 13.1.0 < 18.4.6
GitlabGitLab SwEditionenterprise Version >= 13.1.0 < 18.4.6
GitlabGitLab SwEditioncommunity Version >= 18.5.0 < 18.5.4
GitlabGitLab SwEditionenterprise Version >= 18.5.0 < 18.5.4
GitlabGitLab SwEditioncommunity Version >= 18.6.0 < 18.6.2
GitlabGitLab SwEditionenterprise Version >= 18.6.0 < 18.6.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.02% 0.046
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
cve@gitlab.com 6.8 1.6 5.2
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
CWE-288 Authentication Bypass Using an Alternate Path or Channel

The product requires authentication, but the product has an alternate path or channel that does not require authentication.