Lucene search
GoogleOSV:CVE-2023-6680HistoryDec 15, 2023 - 4:15 p.m.
CVE-2023-6680
2023-12-1516:15:46
Google
osv.dev
3
cve-2023-6680
software
smartcard authentication
gitlab ee
certificate validation
attack
experimental feature
administrator
public key
An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker to authenticate as another user given their public key if they use Smartcard authentication. Smartcard authentication is an experimental feature and has to be manually enabled by an administrator.
Related
debiancve
debiancve
CVE-2023-6680
2023-12-15 16:15:46
nessus
nessus
GitLab 11.6 < 16.4.4 / 16.5 < 16.5.4 / 16.6 < 16.6.2 (CVE-2023-6680)
2023-12-14 00:00:00
FreeBSD : Gitlab -- vulnerabilities (e2fb85ce-9a3c-11ee-af26-001b217b3468)
2023-12-14 00:00:00
ubuntucve
ubuntucve
CVE-2023-6680
2023-12-15 00:00:00
cvelist
cvelist
CVE-2023-6680 Improper Certificate Validation in GitLab
2023-12-15 16:02:40
prion
prion
Input validation
2023-12-15 16:15:00
osv
osv
BIT-gitlab-2023-6680
2024-03-06 10:54:27
cve
cve
CVE-2023-6680
2023-12-15 16:15:46
freebsd
freebsd
Gitlab -- vulnerabilities
2023-12-13 00:00:00