CVE-2020-19003: Verification check bypass in Gate One

October 12, 2021 (updated September 20, 2024)

An issue in Gate One 1.2.0 allows attackers to bypass to the verification check done by the origins list and connect to Gate One instances used by hosts not on the origins list.

References

github.com/advisories/GHSA-q6j2-g8qf-wvf7
github.com/liftoff/GateOne
github.com/liftoff/GateOne/issues/728
github.com/pypa/advisory-database/tree/main/vulns/gateone/PYSEC-2021-423.yaml
nvd.nist.gov/vuln/detail/CVE-2020-19003

Code Behaviors & Features

Detect and mitigate CVE-2020-19003 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →