Description
GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication via unspecified API calls.
References (2)
Core 2
Core References
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/11/15/4
Patch, Vendor Advisory x_refsource_confirm
https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/
Scores
EPSS
0.0007
EPSS Percentile
20.9%
Details
CWE
CWE-287
Status
published
Products (38)
gitlab/gitlab
0.8.0 (2 CPE variants)
gitlab/gitlab
0.9.1 (2 CPE variants)
gitlab/gitlab
0.9.4 (2 CPE variants)
gitlab/gitlab
0.9.6 (2 CPE variants)
gitlab/gitlab
1.0.0 (2 CPE variants)
gitlab/gitlab
1.0.1 (2 CPE variants)
gitlab/gitlab
1.0.2 (2 CPE variants)
gitlab/gitlab
1.1.0 (2 CPE variants)
gitlab/gitlab
1.2.0 (2 CPE variants)
gitlab/gitlab
1.2.1 (2 CPE variants)
... and 28 more
Published
May 12, 2014
Tracked Since
Feb 18, 2026