5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
6.7 Medium
AI Score
Confidence
Low
0.0005 Low
EPSS
Percentile
16.0%
An issue has been discovered in GitLab CE/EE affecting all versions
starting from 16.1 before 16.7.6, all versions starting from 16.8 before
16.8.3, all versions starting from 16.9 before 16.9.1. Under some
specialized conditions, an LDAP user may be able to reset their password
using their verified secondary email address and sign-in using direct
authentication with the reset password, bypassing LDAP.
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
6.7 Medium
AI Score
Confidence
Low
0.0005 Low
EPSS
Percentile
16.0%