Security Advisory

CVE-2025-11984

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-11 04:04:47

Last updated 2026-02-26 16:21:04

Assigner GitLab

State PUBLISHED

Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to bypass WebAuthn two-factor authentication by manipulating the session state under certain conditions.

← Browse all CVEs View on cve.org ↗