CVE-2024-1525

MEDIUM Year: 2024
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-288
View all →

Vulnerability Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their password using their verified secondary email address and sign-in using direct authentication with the reset password, bypassing LDAP.

Related Vulnerabilities

CVE-2018-19000

MEDIUM
CVSS:5.3(Medium)

LCDS Laquis SCADA prior to version 4.1.0.4150 allows an authentication bypass, which may allow an attacker access to sensitive data.

CWE-2882018

CVE-2022-24047

MEDIUM
CVSS:5.3(Medium)

This vulnerability allows remote attackers to bypass authentication on affected installations of BMC Track-It! 20.21.01.102. Authentication is not required to exploit this vulnerability. The specific ...

CWE-2882022

CVE-2024-33939

MEDIUM
CVSS:5.3(Medium)

Authentication Bypass Using an Alternate Path or Channel vulnerability in Masteriyo Masteriyo - LMS. Unauth access to course progress.This issue affects Masteriyo - LMS: from n/a through 1.7.3.

CWE-2882024

CVE-2024-46887

MEDIUM
CVSS:5.3(Medium)

The web server of affected devices do not properly authenticate user request to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could allow an unauthenticated remote attacker to gain knowledge a...

CWE-2882024

CVE-2024-50334

HIGH
CVSS:5.3(Medium)

Scoold is a Q&A and a knowledge sharing platform for teams. A semicolon path injection vulnerability was found on the /api;/config endpoint. By appending a semicolon in the URL, attackers can bypass a...

CWE-2882024

CVE-2025-26700

MEDIUM
CVSS:5.2(Medium)

Authentication bypass using an alternate path or channel issue exists in ”RoboForm Password Manager" App for Android versions prior to 9.7.4, which may allow an attacker with access to a device where ...

CWE-2882025