CVE-2025-0549

MEDIUM Year: 2025
CVSS v3 Score
6.8
Medium
Weakness Type
CWE-288
View all →

Vulnerability Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.3 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. A security vulnerability allows attackers to bypass Device OAuth flow protections, enabling authorization form submission through minimal user interaction.

Related Vulnerabilities

CVE-2019-5455

MEDIUM
CVSS:6.8(Medium)

Bypassing lock protection exists in Nextcloud Android app 3.6.0 when creating a multi-account and aborting the process.

CWE-2882019

CVE-2020-1618

MEDIUM
CVSS:6.8(Medium)

On Juniper Networks EX and QFX Series, an authentication bypass vulnerability may allow a user connected to the console port to login as root without any password. This issue might only occur in certa...

CWE-2882020

CVE-2022-26865

MEDIUM
CVSS:6.8(Medium)

Dell Support Assist OS Recovery versions before 5.5.2 contain an Authentication Bypass vulnerability. An unauthenticated attacker with physical access to the system may exploit this vulnerability by b...

CWE-2882022

CVE-2021-35530

MEDIUM
CVSS:6.7(Medium)

A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthor...

CWE-2882021

CVE-2018-10841

MEDIUM
CVSS:6.6(Medium)

glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage pool...

CWE-2882018

CVE-2021-33700

HIGH
CVSS:7.0(High)

SAP Business One, version - 10.0, allows a local attacker with access to the victim's browser under certain circumstances, to login as the victim without knowing his/her password. The attacker could s...

CWE-2882021