Default credentials

2022-10-1716:15:00

PRIOn knowledge base

www.prio-n.com

gitlab

vulnerability

default credentials

brute force

2fa

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.7%

JSON

An issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It may be possible for an attacker to guess a user’s password by brute force by sending crafted requests to a specific endpoint, even if the victim user has 2FA enabled on their account.

CPENameOperatorVersion
gitlabge15.3
gitlablt15.3.2
gitlabge15.2
gitlablt15.2.4
gitlabge15.2
gitlablt15.2.4
gitlabge15.3
gitlablt15.3.2
gitlablt15.1.6
gitlablt15.1.6