VDB

CVE-2024-12093

CVE-2024-12093 PUBLISHED

An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Improper XPath validation allows modified SAML response to bypass 2FA requirement under specialized conditions.

EPSS 0.06% · 18.0th percentile

Risk Scores

EPSS Score
0.06%
18.0th percentile

Affected Products

VendorProductVersions
Bitnamigitlab11.1.0, 18.0.0
Bitnamigitlab18.0.0, 11.1.0

Timeline

  • Jan 21, 1970 Security Advisory
  • May 21, 2025 CVE Published
  • May 22, 2025 Coalition ESS Score
  • May 22, 2025 PoC Published
  • May 22, 2025 CVE Updated
  • May 23, 2025 EPSS Score
  • May 23, 2025 Coalition ESS Score
  • Jun 3, 2025 EPSS Score
  • Jun 14, 2025 EPSS Score
  • Jun 25, 2025 EPSS Score
  • Jul 6, 2025 EPSS Score
  • Jul 18, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›