GitLab Login and Authorization Issue Affects Security

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.6

GitLab Login and Authorization Issue Affects Security

GHSA-5r3p-6rj5-7937

Summary

A bug in GitLab allows anyone to log in without a password, and developers can assign tasks to non-admin users, potentially exposing sensitive data. This could lead to unauthorized access and data breaches. Update to the latest version of GitLab to fix this issue.

What to do

Update github.com bytebase to version 1.0.1.

Affected software

Vendor	Product	Affected versions	Fix available
github.com	bytebase	<= 1.0.0	1.0.1

Original title

Bytebase vulnerable to Improper Authentication

Original description

### Impact
- GitLab login allows login by any user.
- JWT auth token can be derived as long as the server isn't rebooted.
- Developers can assign issues to non-admin/DBA users.

ghsa CVSS4.0 6.6

Vulnerability type

CWE-287 Improper Authentication

https://github.com/bytebase/bytebase/security/advisories/GHSA-5r3p-6rj5-7937
https://github.com/bytebase/bytebase/commit/a578ed58e478ba5c2dadf8d538ec5c3d39c2...
https://github.com/advisories/GHSA-5r3p-6rj5-7937

Published: 2 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026