CVE-2019-5473 — Authentication Bypass Using an Alternate Path or Channel in Gitlab

CWE-288 — Authentication Bypass Using an Alternate Path or Channel CWE-287 — Improper Authentication4 documents4 sources

Severity

7.2HIGHNVD

EPSS

0.2%

top 58.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab

Timeline

PublishedSep 9

Latest updateMay 24

Description

An authentication issue was discovered in GitLab that allowed a bypass of email verification. This was addressed in GitLab 12.1.2 and 12.0.4.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages3 packages

▶NVDgitlab/gitlab12.0.4, 12.1.2+1

▶debiandebian/gitlab

▶gitlabgitlab/gitlab

🔴Vulnerability Details

GHSA

GHSA-93f4-345x-96mm: An authentication issue was discovered in GitLab that allowed a bypass of email verification↗2022-05-24

▶

📋Vendor Advisories

GitLab

CVE-2019-5473: An authentication issue was discovered in GitLab that allowed a bypass of email verification. This was addressed in GitLab 12.1.2 and 12.0.4.↗2019-09-09

▶

Debian

CVE-2019-5473: gitlab - An authentication issue was discovered in GitLab that allowed a bypass of email ...↗2019

▶