Information Disclosure

2023-08-0613:55:04

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

gitlab

information disclosure

vulnerability

two-factor authentication

unauthenticated users

security

0.001 Low

EPSS

Percentile

44.3%

JSON

gitlab is vulnerable to Information Disclosure. The vulnerability results in revealing a users two-factor authentication status to unauthenticated users.

CPENameOperatorVersion
gitlab:sideq13.4.7-2
gitlab:sideq13.3.9-1
gitlab:sideq13.4.7-2
gitlab:sideq13.3.9-1

Name	Operator	Version
gitlab:sid	eq	13.4.7-2
gitlab:sid	eq	13.3.9-1
gitlab:sid	eq	13.4.7-2
gitlab:sid	eq	13.3.9-1

References

gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1963.json

gitlab.com/gitlab-org/gitlab/-/issues/352210

hackerone.com/reports/1470023

security-tracker.debian.org/tracker/CVE-2022-1963

0.001 Low

EPSS

Percentile

44.3%

JSON

Related for VERACODE:42257