GitLab is vulnerable to Remote Code Execution (RCE). The vulnerability is caused by a flaw in the way GitLab handles group SAML SSO. An attacker can exploit it to invite arbitrary users to a group and then change a user's email address to an attacker-controlled address, which can be used to take over that user's account.
| CPE | Name | Operator | Version |
|---|---|---|---|
| gitlab:sid | | eq | 13.4.7-2 |
| gitlab:sid | | eq | 13.3.9-1 |