Unrated severityNVD Advisory· Published May 22, 2025· Updated May 22, 2025
Improper Validation of Consistency within Input in GitLab
CVE-2024-12093
Description
An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Improper XPath validation allows modified SAML response to bypass 2FA requirement under specialized conditions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*range: 11.1
- (no CPE)range: >=11.1, <17.10.7, >=17.11, <17.11.3, >=18.0, <18.0.1
Patches
Vulnerability mechanics
References
2- hackerone.com/reports/2851261mitretechnical-descriptionexploitpermissions-required
- gitlab.com/gitlab-org/gitlab/-/issues/507445mitreissue-trackingpermissions-required
News mentions
1- GitLab Patch Release: 18.0.1, 17.11.3, 17.10.7GitLab Security Releases · May 21, 2025