Multi-factor authentication security vulnerability in GitLab CE/EE - CVE-2022-1963 (rpm)ID: oval:org.secpod.oval:def:84683 | Date: (C)2022-10-04 (M)2023-08-03 |
Class: VULNERABILITY | Family: unix |
The host is installed with GitLab CE/EE 13.4 before 14.10.5, 15.0 before 15.0.4 or 15.1 before 15.1.1 and is prone to a multi-factor authentication security vulnerability. A flaw is present in the application, which fails to properly handle issues in unspecified vectors. On Successful exploitation, GitLab reveals if a user has enabled two-factor authentication on their account in the HTML source, to unauthenticated users.
Product: |
gitlab-ce |
gitlab-ee |