CVE-2024-1525 - Vulnerability Details - OpenCVE

ReportizFlow

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their password using their verified secondary email address and sign-in using direct authentication with the reset password, bypassing LDAP.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gitlab	Gitlab

Configuration 1 [-]

OR	cpe:2.3:a:gitlab:gitlab::::::::
	cpe:2.3:a:gitlab:gitlab::::::::
	cpe:2.3:a:gitlab:gitlab:16.9.0:::::::*

No data.

References

Link	Providers
https://gitlab.com/gitlab-org/gitlab/-/issues/438144

History

Thu, 03 Oct 2024 07:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-284

Thu, 03 Oct 2024 06:30:00 +0000

Type	Values Removed	Values Added
Title	Improper Access Control in GitLab	Authentication Bypass Using an Alternate Path or Channel in GitLab
Weaknesses		CWE-288

MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2024-02-21T23:30:44.816Z

Updated: 2024-10-03T06:23:18.531Z

Reserved: 2024-02-15T07:03:33.019Z

Link: CVE-2024-1525

Vulnrichment

Updated: 2024-08-01T18:40:21.306Z

NVD

Status : Modified

Published: 2024-02-22T00:15:52.327

Modified: 2024-11-21T08:50:45.333

Link: CVE-2024-1525

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1525", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2024-02-15T07:03:33.019Z", "datePublished": "2024-02-21T23:30:44.816Z", "dateUpdated": "2024-10-03T06:23:18.531Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "GitLab", "repo": "git://[email protected]:gitlab-org/gitlab.git", "vendor": "GitLab", "versions": [{"lessThan": "16.7.6", "status": "affected", "version": "16.1", "versionType": "semver"}, {"lessThan": "16.8.3", "status": "affected", "version": "16.8", "versionType": "semver"}, {"lessThan": "16.9.1", "status": "affected", "version": "16.9", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "This vulnerability was discovered internally by a GitLab team member, [Drew Blessing](https://gitlab.com/dblessing)"}], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their password using their verified secondary email address and sign-in using direct authentication with the reset password, bypassing LDAP."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-288", "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2024-10-03T06:23:18.531Z"}, "references": [{"name": "GitLab Issue #438144", "tags": ["issue-tracking"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/438144"}], "solutions": [{"lang": "en", "value": "Upgrade to versions 16.7.6, 16.8.3, 16.9.1 or above."}], "title": "Authentication Bypass Using an Alternate Path or Channel in GitLab"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1525", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-22T16:29:18.467492Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:21:54.930Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:40:21.306Z"}, "title": "CVE Program Container", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/438144", "name": "GitLab Issue #438144", "tags": ["issue-tracking", "x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/438144", "name": "GitLab Issue #438144", "tags": ["issue-tracking", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:40:21.306Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1525", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-22T16:29:18.467492Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:40.572Z"}}], "cna": {"title": "Improper Access Control in GitLab", "credits": [{"lang": "en", "type": "finder", "value": "This vulnerability was discovered internally by a GitLab team member, [Drew Blessing](https://gitlab.com/dblessing)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "repo": "git://[email protected]:gitlab-org/gitlab.git", "vendor": "GitLab", "product": "GitLab", "versions": [{"status": "affected", "version": "16.1", "lessThan": "16.7.6", "versionType": "semver"}, {"status": "affected", "version": "16.8", "lessThan": "16.8.3", "versionType": "semver"}, {"status": "affected", "version": "16.9", "lessThan": "16.9.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to versions 16.7.6, 16.8.3, 16.9.1 or above."}], "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/438144", "name": "GitLab Issue #438144", "tags": ["issue-tracking"]}], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their password using their verified secondary email address and sign-in using direct authentication with the reset password, bypassing LDAP."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284: Improper Access Control"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2024-08-29T15:04:55.400Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1525", "state": "PUBLISHED", "dateUpdated": "2024-08-29T15:04:55.400Z", "dateReserved": "2024-02-15T07:03:33.019Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2024-02-21T23:30:44.816Z", "assignerShortName": "GitLab"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "matchCriteriaId": "F78B6F50-69F7-45F5-9541-5F35620206A9", "versionEndExcluding": "16.7.6", "versionStartIncluding": "16.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "matchCriteriaId": "59BDFC85-244E-41F5-9F55-D4497756954B", "versionEndExcluding": "16.8.3", "versionStartIncluding": "16.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:16.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "06CEE568-A6C1-4C8A-8786-B561643668AB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their password using their verified secondary email address and sign-in using direct authentication with the reset password, bypassing LDAP."}, {"lang": "es", "value": "Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones desde 16.1 anteriores a 16.7.6, todas las versiones desde 16.8 anteriores a 16.8.3, todas las versiones desde 16.9 anteriores a 16.9.1. En algunas condiciones especializadas, un usuario de LDAP puede restablecer su contrase\u00f1a utilizando su direcci\u00f3n de correo electr\u00f3nico secundaria verificada e iniciar sesi\u00f3n mediante autenticaci\u00f3n directa con la contrase\u00f1a restablecida, sin pasar por LDAP."}], "id": "CVE-2024-1525", "lastModified": "2024-11-21T08:50:45.333", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2024-02-22T00:15:52.327", "references": [{"source": "[email protected]", "tags": ["Permissions Required"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/438144"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/438144"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-288"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "[email protected]", "type": "Primary"}]}