PT-2025-50577 · GitLab · GitLab CE/EE
Jcarre · Published 2025-12-10 · Updated 2025-12-11 · CVE-2025-11984
CVSS v3.1: 6.8 (Medium)
| Vector | AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
GitLab CE/EE versions 13.1 through 18.4.6
GitLab CE/EE versions 18.5 through 18.5.4
GitLab CE/EE versions 18.6 through 18.6.2
Description
GitLab CE/EE is affected by an issue that allows an authenticated user to bypass WebAuthn two-factor authentication by manipulating the session state under certain conditions.
Recommendations
GitLab CE/EE versions 13.1 through 18.4.6 should be updated to a version later than 18.4.6.
GitLab CE/EE versions 18.5 through 18.5.4 should be updated to a version later than 18.5.4.
GitLab CE/EE versions 18.6 through 18.6.2 should be updated to a version later than 18.6.2.
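The affected ranges and update recommendations above, turned into a version check that an administrator can run against the version string a GitLab instance reports. This is an added example and not part of the advisory; the only assumptions are that the three ranges are inclusive (as worded on the page), that a two-component version such as "13.1" means 13.1.0, and that the edition suffix GitLab appends (e.g. "-ee") carries no version information.

```python
# Added example (not from the advisory): classify a GitLab version against the
# inclusive affected ranges stated for PT-2025-50577 / CVE-2025-11984.
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Inclusive ranges copied from the advisory. "13.1" is read as 13.1.0 and each
# upper bound is the last release the page lists as vulnerable.
AFFECTED_RANGES = [
    ((13, 1, 0), (18, 4, 6)),
    ((18, 5, 0), (18, 5, 4)),
    ((18, 6, 0), (18, 6, 2)),
]


def parse_version(text: str) -> Version:
    """Parse 'X.Y' or 'X.Y.Z'; an edition suffix such as '-ee' is ignored."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-[a-z]+)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(major), int(minor), int(patch))


def is_affected(version_text: str) -> bool:
    """True if the version falls inside one of the advisory's ranges."""
    v = parse_version(version_text)
    return any(low <= v <= high for low, high in AFFECTED_RANGES)


def minimum_fixed_version(version_text: str) -> Optional[Version]:
    """Smallest version numerically later than the affected range containing
    the given version (what 'later than 18.4.6' resolves to); None if the
    version is not affected. Derived from the ranges, not from release notes."""
    v = parse_version(version_text)
    for low, high in AFFECTED_RANGES:
        if low <= v <= high:
            return (high[0], high[1], high[2] + 1)
    return None
```

Versions outside the three ranges (for example anything before 13.1, or 18.4.7) are reported as not affected purely on the basis of this advisory's listed ranges.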
Weakness Enumeration
Authentication Bypass Using an Alternate Path or Channel
Related Identifiers
CVE-2025-11984
Affected Products
GitLab CE/EE