CVE-2025-0605

MEDIUM Year: 2025
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-1390
View all →

Vulnerability Description

An issue has been discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Group access controls could allow certain users to bypass two-factor authentication requirements.

Related Vulnerabilities

CVE-2023-41900

MEDIUM
CVSS:4.3(Medium)

Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty `OpenIdAuthenticator` uses the optional nest...

CWE-13902023

CVE-2024-5891

MEDIUM
CVSS:4.2(Medium)

A vulnerability was found in Quay. If an attacker can obtain the client ID for an application, they can use an OAuth token to authenticate despite not having access to the organization from which the ...

CWE-13902024

CVE-2023-41862

MEDIUM
CVSS:5.3(Medium)

Weak Authentication vulnerability in Guido VS Contact Form allows Authentication Abuse.This issue affects VS Contact Form: from n/a through 14.0.

CWE-13902023

CVE-2024-47127

MEDIUM
CVSS:3.1(Low)

In the goTenna Pro App there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks. This vul...

CWE-13902024

CVE-2024-45551

MEDIUM
CVSS:6.2(Medium)

Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification failure, potentially leading to a user throttling bypass.

CWE-13902024

CVE-2022-43400

CRITICAL
CVSS:9.8(Critical)

A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the log in for Act...

CWE-13902022