CVE-2019-5486

2019-12-1820:58:42

CWE-288

hackerone

www.cve.org

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.8%

JSON

A authentication bypass vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.10 in the Salesforce login integration that could be used by an attacker to create an account that bypassed domain restrictions and email verification requirements.

CNA Affected

[
  {
    "product": "GitLab CE/EE",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "12.3.2, 12.2.6, and 12.1.10"
      }
    ]
  }
]

References

hackerone.com/reports/617896