PT-2017-12011 · Gitlab · Gitlab Ce/Ee+1

Published: 2017-08-02 · Updated: 2019-10-03 · CVE-2017-11437

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

GitLab Enterprise Edition (EE) versions prior to 8.17.7
GitLab Enterprise Edition (EE) versions prior to 9.0.11
GitLab Enterprise Edition (EE) versions prior to 9.1.8
GitLab Enterprise Edition (EE) versions prior to 9.2.8
GitLab Enterprise Edition (EE) versions prior to 9.3.8

Description

The issue allows an authenticated user with project creation capabilities to potentially read repositories belonging to other users through the mirroring feature.

Recommendations

For versions prior to 8.17.7, update to version 8.17.7 or later.
For versions prior to 9.0.11, update to version 9.0.11 or later.
For versions prior to 9.1.8, update to version 9.1.8 or later.
For versions prior to 9.2.8, update to version 9.2.8 or later.
For versions prior to 9.3.8, update to version 9.3.8 or later.

Fix

Incorrect Permission

Weakness Enumeration

Related identifiers

CVE-2017-11437

Affected products

Gitlab
Gitlab Ce/Ee