7.4 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): HIGH
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): NONE
Unchecked Return Value in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an individual with existing knowledge of a victim's credential ID to bypass two-factor authentication by submitting forged device responses.
References
- HackerOne Bug Bounty Report #3476052 technical-description permissions-required exploit
- https://about.gitlab.com/releases/2026/01/21/patch-release-gitlab-18-8-2-releas…
- GitLab Issue #585333 issue-tracking permissions-required
- HackerOne Bug Bounty Report #3476052 technical-description permissions-required exploit
- https://about.gitlab.com/releases/2026/01/21/patch-release-gitlab-18-8-2-releas…
- GitLab Issue #585333 issue-tracking permissions-required
Affected products
- <18.6.4
- <18.7.2
- <18.8.2
Matching in nixpkgs
pkgs.gitlab
GitLab Community Edition
pkgs.gitlab-ee
GitLab Enterprise Edition
pkgs.gitlab-ci-ls
GitLab CI Language Server (gitlab-ci-ls)
pkgs.gitlab-pages
Daemon used to serve static websites for GitLab users
pkgs.gitlab-shell
SSH access and repository management app for GitLab
pkgs.danger-gitlab
Gem that exists to ensure all dependencies are set up for Danger with GitLab
pkgs.gitlab-clippy
Convert clippy warnings into GitLab Code Quality report
pkgs.gitlab-runner
GitLab Runner the continuous integration executor of GitLab
pkgs.gitlab-triage
GitLab's issues and merge requests triage, automated!
pkgs.gitlab-ci-local
Run gitlab pipelines locally as shell executor or docker executor
pkgs.gitlab-timelogs
CLI utility to support you with your time logs in GitLab
pkgs.gitlab-ci-linter
.gitlab-ci.yml lint helper tool
pkgs.gitlab-workhorse
None
pkgs.gitlab-release-cli
Toolset to create, retrieve and update releases on GitLab
pkgs.ocamlPackages.gitlab
Native OCaml bindings to Gitlab REST API v4
pkgs.vimPlugins.gitlab-vim
Integrate GitLab Duo with Neovim
pkgs.gitlab-container-registry
GitLab Docker toolset to pack, ship, store, and deliver content
pkgs.ocamlPackages.gitlab-jsoo
Gitlab APIv4 JavaScript library
pkgs.ocamlPackages.gitlab-unix
Gitlab APIv4 Unix library
pkgs.rubyPackages.gitlab-markup
None
pkgs.terraform-providers.gitlab
None
pkgs.gitlab-elasticsearch-indexer
Indexes Git repositories into Elasticsearch for GitLab
pkgs.haskellPackages.gitlab-haskell
A Haskell library for the GitLab web API
pkgs.rubyPackages_3_1.gitlab-markup
None
pkgs.rubyPackages_3_2.gitlab-markup
None
pkgs.rubyPackages_3_3.gitlab-markup
None
pkgs.rubyPackages_3_4.gitlab-markup
None
pkgs.rubyPackages_3_5.gitlab-markup
None
pkgs.python312Packages.mkdocs-gitlab
MkDocs plugin to transform strings such as #1234, %56, or !789 into links to a Gitlab repository
pkgs.python312Packages.python-gitlab
Interact with GitLab API
pkgs.python313Packages.mkdocs-gitlab
MkDocs plugin to transform strings such as #1234, %56, or !789 into links to a Gitlab repository
pkgs.python313Packages.python-gitlab
Interact with GitLab API
pkgs.terraform-providers.gitlabhq_gitlab
None
pkgs.prometheus-gitlab-ci-pipelines-exporter
Prometheus / OpenMetrics exporter for GitLab CI pipelines insights
pkgs.vscode-extensions.gitlab.gitlab-workflow
GitLab extension for Visual Studio Code
pkgs.perlPackages.AlienBuildPluginDownloadGitLab
Alien::Build plugin to download from GitLab
pkgs.perl538Packages.AlienBuildPluginDownloadGitLab
Alien::Build plugin to download from GitLab
pkgs.perl540Packages.AlienBuildPluginDownloadGitLab
Alien::Build plugin to download from GitLab
Package maintainers
-
@balsoft Alexander Bantyev <balsoft75@gmail.com>
-
@leona-ya Leona Maroni <nix@leona.is>
-
@globin Robin Gloster <mail@glob.in>
-
@yayayayaka Yaya <github@uwu.is>
-
@krav Kristoffer Thømt Ravneberg <kristoffer@microdisko.no>
-
@talyz Kim Lindberger <kim.lindberger@gmail.com>
-
@pineapplehunter Shogo Takata <peshogo+nixpkgs@gmail.com>
-
@Ma27 Maximilian Bosch <maximilian@mbosch.me>
-
@wucke13 Wucke <wucke13@gmail.com>
-
@snue Stefan Nuernberger <kabelfrickler@gmail.com>
-
@blitz Julian Stecklina <js@alien8.de>
-
@xanderio Alexander Sieg <alex@xanderio.de>
-
@kilimnik Daniel Kilimnik <mail@kilimnik.de>
-
@zimbatm zimbatm <zimbatm@zimbatm.com>
-
@phip1611 Philipp Schuster <phip1611@gmail.com>
-
@mmahut Marek Mahut <marek.mahut@gmail.com>
-
@mvisonneau Maxime VISONNEAU <maxime@visonneau.fr>
-
@snpschaaf Philippe Schaaf <philipe.schaaf@secunet.com>
-
@nyanloutre Paul Trehiou <paul@nyanlout.re>
-
@caniko Can H. Tartanoglu <gpg@rotas.mozmail.com>
-
@zazedd Leonardo Santos <leomendesantos@gmail.com>