OAuth flow missing verification checks in GitLab CE/EE 12.3 and later through 13.0.1 allows an unverified user to use the OAuth authorization code flow.
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Gitlab | Gitlab | 12.10.0 | * |
Gitlab | Gitlab | 13.0.0 | 13.0.0 |
Gitlab | Gitlab | 12.3.0 | * |