CVE-2019-5486

NameCVE-2019-5486
DescriptionA authentication bypass vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.10 in the Salesforce login integration that could be used by an attacker to create an account that bypassed domain restrictions and email verification requirements.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gitlab (PTS)sid17.6.5-19fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gitlabsource(unstable)12.6.8-3

Notes

https://hackerone.com/reports/617896
https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
Search for package or bug name: Reporting problems