An issue has been discovered in GitLab CE/EE affecting all versions prior to 15.1.6, all versions starting from 15.2 prior to 15.2.4, all versions starting from 15.3 prior to 15.3.2. It may be possible for an malicious user to guess a user's password by brute force by sending crafted requests to a specific endpoint, even if the victim user has 2FA enabled on their account.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gitlab gitlab |