An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker to authenticate as another user given their public key if they use Smartcard authentication. Smartcard authentication is an experimental feature and has to be manually enabled by an administrator.
References
| Link | Resource |
|---|---|
| https://gitlab.com/gitlab-org/gitlab/-/issues/421607 | Broken Link |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitLab
Published: 2023-12-15T16:02:40.371Z
Updated: 2023-12-15T16:02:40.371Z
Reserved: 2023-12-11T12:30:49.713Z
Link: CVE-2023-6680
NVD Information
Status: Analyzed
Published: 2023-12-15T16:15:46.737
Modified: 2023-12-19T20:51:03.237
Link: CVE-2023-6680
Red Hat Information
No data.
CWE