Incorrect Omniauth-Auth0 Configuration in GitLab Leading to Unauthorized User Sign-In

Incorrect Omniauth-Auth0 Configuration in GitLab Leading to Unauthorized User Sign-In

CVE-2018-8971 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users.

Learn more about our User Device Pen Test.