Lucene search
GoogleOSV:BIT-GITLAB-2023-6680HistoryMar 06, 2024 - 10:54 a.m.
BIT-gitlab-2023-6680
2024-03-0610:54:27
Google
osv.dev
9
certificate validation
smartcard authentication
gitlab ee
security issue
experimental feature
administrator
public key
An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker to authenticate as another user given their public key if they use Smartcard authentication. Smartcard authentication is an experimental feature and has to be manually enabled by an administrator.
Related
debiancve
debiancve
CVE-2023-6680
2023-12-15 16:15:46
nessus
nessus
GitLab 11.6 < 16.4.4 / 16.5 < 16.5.4 / 16.6 < 16.6.2 (CVE-2023-6680)
2023-12-14 00:00:00
FreeBSD : Gitlab -- vulnerabilities (e2fb85ce-9a3c-11ee-af26-001b217b3468)
2023-12-14 00:00:00
ubuntucve
ubuntucve
CVE-2023-6680
2023-12-15 00:00:00
cvelist
cvelist
CVE-2023-6680 Improper Certificate Validation in GitLab
2023-12-15 16:02:40
osv
osv
CVE-2023-6680
2023-12-15 16:15:46
prion
prion
Input validation
2023-12-15 16:15:00
cve
cve
CVE-2023-6680
2023-12-15 16:15:46
freebsd
freebsd
Gitlab -- vulnerabilities
2023-12-13 00:00:00